Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Payload--line wrapping

olek | Last updated: Oct 10, 2022 03:31PM UTC

Hi Team I would like ask about some simple issue.If I collect my payload but notepad do not allow for long payload how to Handle with this .Fox example ?q=../etc/passwd/ --good ?q=../../../../../../.............. long line ............ How to prepare it to be works well with Burp.I have to use short line or wrapping line or Burp see long line . ?

Ben, PortSwigger Agent | Last updated: Oct 11, 2022 11:29AM UTC

Hi Olek, I am not quite sure what you are asking here but If there are carriage return characters in your text then Burp will interpret these and split the copied text into separate lines. If there are no carriage return characters in your text then Burp will interpret the text as being a single, continuous line of text.

olek | Last updated: Oct 11, 2022 03:20PM UTC

Yes I want to say Burp this is one line but long which in my notepad take 4 lines .Yes but what is """return characters""" ?q=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA ?q=AAAAAAAAAAA This is 2 payloads How to use """return characters"""May you show me example ??

Ben, PortSwigger Agent | Last updated: Oct 12, 2022 10:08AM UTC

Hi Olek, You would want to copy that as one long line of text. Some text editors might wrap the text so that it appears to be split into several lines (when in reality it is still one contiguous line) so it really depends on what you text editor is doing.

olek | Last updated: Oct 12, 2022 11:29AM UTC

OK but Burp will be know this is "1" one payload . Ben what is """return characters""" this is this ---> <CR> I shoud use it create payload for Burp.??

Ben, PortSwigger Agent | Last updated: Oct 13, 2022 07:33AM UTC

Hi Olek, The following might help you understand how carriage return and newline functionality works in text editors: https://en.wikipedia.org/wiki/Carriage_return https://en.wikipedia.org/wiki/Newline When you are viewing a request in the message editor, if you click the 'Show non-printable characters' icon (the `\n') this will then display both the carriage return and newline characters that are present in the text. The following screenshot illustrates this: https://snipboard.io/Ny68ni.jpg

olek | Last updated: Oct 13, 2022 12:22PM UTC

Ben ok I understand you but this will be correct.I create payload for Burp FUZZ.I create """" 3 lines payload """ How many will see Burp.And what to do to cut for next payload if Burp see more then """" 3 lines payload """ ?q=../etc/passwd ?q=../etc/passwd ?q=../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../etc/passwd/

Ben, PortSwigger Agent | Last updated: Oct 13, 2022 03:44PM UTC

Hi Olek, As noted, it would entirely depend on how it has been formatted in the text editor that you are copying from. If you copy your text Burp and view the non-printable characters you will be able to see whether Burp has identified if its a single, continuous line of text or whether there are return/newline characters. If there are return/newline characters then you can delete these in the message editor. You can test this out in Repeater by adding text and pressing the Enter key and then deleting the /r and /n non-printable characters and observing what happens.

olek | Last updated: Oct 13, 2022 07:43PM UTC

Now I understand why Burp in FUZZ when I select payload file do not want FUZZ.But when I copy and paste Burp FUZZ well .Burp do not see brake space. Ben how fast remodel my payload .Do you have fast technique.

Ben, PortSwigger Agent | Last updated: Oct 14, 2022 10:47AM UTC

Hi Olek, Apologies, I am not entirely sure what you are asking here - are you able to clarify?

olek | Last updated: Oct 14, 2022 01:13PM UTC