Burp community forum

Parameter of HTTP POST with Content-Type multipart/form-data could not be updated

Roland | Last updated: Sep 20, 2015 05:49PM UTC

Hi all I'm not sure if I'm doing something wrong, but I experienced an issue when trying to remove or update a parameter of a multipart/form-data HTTP POST from a java extension. The original parameter is not removed but the new is added additionally to the edited request. Original Message: --------------------------------- POST /test/ HTTP/1.1 Host: testhost.brrrr User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: de,en-US;q=0.7,en;q=0.3 Accept-Encoding: gzip, deflate DNT: 1 Referer: test.com Cookie: ASP.NET_SessionId=asdf; UserCulture=Language=de-DE&UserSpecific=false Connection: keep-alive Content-Length: 4635 Content-Type: multipart/form-data; charset=UTF-8; boundary=--------800612066 Pragma: no-cache Cache-Control: no-cache ----------800612066 Content-Disposition: form-data; name="wa" wsignin1.0 ----------800612066 Content-Disposition: form-data; name="wresult" <t:RequestSecurityTokenResponse xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">[shortened] ----------800612066-- Edited request: ---------------------------- POST /test/ HTTP/1.1 Host: testhost.brrrr User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: de,en-US;q=0.7,en;q=0.3 Accept-Encoding: gzip, deflate DNT: 1 Referer: test.com Cookie: ASP.NET_SessionId=asdf; UserCulture=Language=de-DE&UserSpecific=false Connection: keep-alive Content-Length: 9223 Content-Type: multipart/form-data; charset=UTF-8; boundary=--------800612066 Pragma: no-cache Cache-Control: no-cache ----------800612066 Content-Disposition: form-data; name="wa" wsignin1.0 ----------800612066 Content-Disposition: form-data; name="wresult" <t:RequestSecurityTokenResponse xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">[shortened] ----------800612066 Content-Disposition: form-data; name="wresult" <?xml version="1.0" encoding="UTF-8"?> <edited:RequestSecurityTokenResponse xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">[shortened] ----------800612066-- In my Java code I'm doing the following steps: String parameterToUpdate = "wresult"; IParameter newParameter = helpers.buildParameter(parameterToUpdate, getEncodedSAMLMessage(textMessage), IParameter.PARAM_BODY); byteMessage = helpers.updateParameter(byteMessage, newParameter); Thanks in advance for checking my issue and thanks for the awesome work at Burp Suite! Cheers Roland

PortSwigger Agent | Last updated: Sep 21, 2015 07:48AM UTC

Thanks for this. This is actually a known problem with the parameter manipulation API, in that multipart parameters are not properly handled. This is in our backlog of minor issues to address. In the meantime, I'm afraid you may need to work without this API and manipulate the request directly in your own code.

You need to Log in to post a reply. Or register here, for free.