Burp community forum

Performing an ActiveScan to perform scan against non-body parameters

Amit | Last updated: Sep 16, 2015 06:17PM UTC

I am currently writing an extension to perform an active scan with manipulated parameters:

    queueItem = this.callbacks.doActiveScan(this.host, this.port, this.useHttps,
            baseRequestResponse.getRequest(),
            scanJob.getOffsets(testCaseParam, baseRequestResponse));

In getOffsets(), we identify which parameters are available and if they match, we get the offset values as shown below:

    IRequestInfo requestInfo = this.helpers.analyzeRequest(baseRequestResponse);
    List<IParameter> parameters = requestInfo.getParameters();
    // names of the parameters we want to fuzz
    List<String> insertion_points = new ArrayList<String>();
    insertion_points.add(testCaseParam);
    // [start, end] value offsets handed to doActiveScan()
    List<int[]> offset_list = new ArrayList<int[]>();
    for (IParameter parameter : parameters) {
        for (String param : insertion_points) {
            if (parameter.getName().equalsIgnoreCase(param)) {
                int start = parameter.getValueStart();
                int end = parameter.getValueEnd();
                int[] offsets = {start, end};
                offset_list.add(offsets);
            }
        }
    }
    return offset_list;

While this works very well with parameters in the BODY of a request, I don't see any values from the header. Get the active scanner to scan with values manipulated in the following:
1. URL
2. Header Parameters (for eg: Referer string)
3. Cookie Values
Please advise

PortSwigger Agent | Last updated: Sep 17, 2015 02:30PM UTC

You are using Burp's parameter parsing API to locate your insertion points. The parameter parsing API finds parameters in the URL, body and cookies, not headers. If you want your extension to place insertion points into other locations within the request, including headers, you'll need to calculate the insertion point offsets yourself in your own code.
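For the header case described above, an added example of computing the insertion-point offsets yourself (this is not the extension code from the thread nor PortSwigger's own code; it assumes only the standard Burp Extender `IExtensionHelpers` and `IRequestInfo` types from the `burp` package):

```java
import burp.IExtensionHelpers;
import burp.IRequestInfo;
import java.util.ArrayList;
import java.util.List;

// Added helper (not from the original post): locates the value of a named
// request header in the raw request bytes so it can be handed to doActiveScan().
public class HeaderInsertionPoints {
    private final IExtensionHelpers helpers;

    public HeaderInsertionPoints(IExtensionHelpers helpers) {
        this.helpers = helpers;
    }

    /**
     * Returns one [start, end] pair per header named headerName (e.g. "Referer"),
     * covering only the header's value. Empty list if the header is absent.
     */
    public List<int[]> headerValueOffsets(byte[] request, String headerName) {
        List<int[]> offsets = new ArrayList<int[]>();
        IRequestInfo info = helpers.analyzeRequest(request);
        int bodyOffset = info.getBodyOffset();   // header block ends here
        int searchFrom = 0;
        for (String header : info.getHeaders()) {
            // First entry is the request line; the rest are "Name: value" (no CRLF)
            int colon = header.indexOf(':');
            if (colon <= 0 || !header.substring(0, colon).trim().equalsIgnoreCase(headerName)) {
                continue;
            }
            // Find this exact header line in the raw bytes, scanning only the header block,
            // so repeated headers (e.g. two Cookie lines) each get their own offsets.
            byte[] line = helpers.stringToBytes(header);
            int lineStart = helpers.indexOf(request, line, false, searchFrom, bodyOffset);
            if (lineStart < 0) {
                continue;
            }
            int lineEnd = lineStart + line.length;
            int valueStart = lineStart + colon + 1;
            while (valueStart < lineEnd && request[valueStart] == ' ') {
                valueStart++;                     // skip the space(s) after the colon
            }
            offsets.add(new int[] {valueStart, lineEnd});
            searchFrom = lineEnd;
        }
        return offsets;
    }
}
```

Concatenate the returned pairs with the offsets the parameter API already gives you for URL and cookie parameters, then pass the combined list as the insertionPointOffsets argument of doActiveScan(); a zero-length pair (empty header value) is still a valid insertion point.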

Burp User | Last updated: Sep 23, 2015 08:05PM UTC

Thank you, I will explore this alternative.
