Burp Suite User Forum

Create new post

Proxy Intercept modify + encode

Filip | Last updated: Mar 02, 2016 03:56PM UTC

Hi, It would be nice to add to the "Match and Replace" feature of the Proxy Options the possibility to not only add and replace but to encode, or even do the same as with the intruder payload processing (adding rules in a certain order) Like this we can use Burp as a proxy for other tools which require modification of the payload. E.g: I have a blind SQL injection which I'd like to exploit with sqlmap, but the parameter which is injectable exists of multiple parts, where one needs to be static and the other is injectable, but the full value of the parameter is encoded in base64. for example: Request.php?blah=YT0xJmI9cmFuZG9tJmM9aW5qZWN0YWJsZQ== decoded: a=1&b=random&c=injectable In this case I could sqlmap it and add a proxy rule to base64 encode all parameter values which mtach parameter "blah"

PortSwigger Agent | Last updated: Mar 02, 2016 04:18PM UTC

Agreed, this would be a useful feature, but probably only in very occasional situations, so it's unlikely we're going to prioritize it. It sounds like it would be fairly simple to create a quick extension to do whatever custom processing you want of the specific parameter.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.