Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Request Manipulation

subhash | Last updated: Jul 06, 2024 01:51PM UTC

Hello Team, I have one general query. Changing a request query parameter to a different value and then getting a different result. As long as the data is something user should have access to then there isn't a problem right ?

Hannah, PortSwigger Agent | Last updated: Jul 08, 2024 12:13PM UTC

Hi Could you provide some more information about your question? Changing query parameters may result in a different response - for example, the query parameter might be a product ID to determine which product to display on a shopping site.

subhash | Last updated: Jul 11, 2024 04:57AM UTC

There is a search option and by that feature we can see users record and both admin and non admin users can see that specific user record. So if I login and search for user example: abc and intercept the request and modified the value to different user def and forwarded the request the application is showing details of def. Although the user have privilege to see both user record via UI itself. So there isn't a issue right ? If they were able to see the record which they do not have access to in some way then it would be a problem. right ?

Hannah, PortSwigger Agent | Last updated: Jul 11, 2024 10:46AM UTC