Burp Suite User Forum

Login to post

Payload still encodes after unchecking "Url-encode these characters" checkbox

Max | Last updated: Jan 12, 2021 03:06PM UTC

Found on Burp Suite Community Edition v.2020.12.1 1. I'm trying to start intruder attack with following payload: type: recursive grep initial payload: 2021-01-12 16:27:24.056815 (timestamp with characters wich can be encoded) "Url-encode these characters" checkbox: unchecked Screenshot: https://monosnap.com/file/h7Sx2lLCQki2ceudVG1tbWmI3X7vQy 2. After starting an attack, i see that value in payload is still encoded Screenshot: https://monosnap.com/file/0lD0xmJVKdmlw0ZUJ6rrnAqDWDTiAb 3. In Payloads tab of the current attack i see that "Url-encode these characters" checkbox is still checked Screenshot: https://monosnap.com/file/ZOm6qnlX5vGLm9qJBJambnudvrEV96

Ben, PortSwigger Agent | Last updated: Jan 13, 2021 08:17AM UTC

Hi, Thank you for taking the time to highlight this. We have raised this issue as a bug report so that the development team can investigate and identify the root cause. We will update this thread if we have any further news to share about a fix for this issue.

You need to Log in to post a reply. Or register here, for free.