Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Spidering + Form Submission

Karthik | Last updated: May 13, 2015 07:17AM UTC

I am spidering a website. While spidering I have selected "Automatically submit using the following rules to assign text field values" I have given a field name and field value and enabled it to be submitted. If there appears a value that is not in the list that I have given and let us assume I have not defined/selected "Set unmatched fields to:" field as well. In that case, when Burpsuite encounters a field that is not matched above, what will be the response ? will users be prompted to submit value for that field ? Could you please clarify ?

PortSwigger Agent | Last updated: May 13, 2015 07:58AM UTC

If you don't define/select the "Set unmatched fields to" option then Burp will submit any unmatched text fields with empty values.

Burp User | Last updated: May 13, 2015 09:19AM UTC

Thanks for the response. Question 1: If I am going to use this spider results to then scan(Active scan - XSS/SQL injection) the websites, will these parameters (for which empty values were submitted) also considered for scan ? Question 2: If after submitting empty values, the websites returns the same form again (as it was incomplete), how ill Burpsuite handle this ? Will the form be submitted infinitely ?

PortSwigger Agent | Last updated: May 13, 2015 11:23AM UTC

1. Yes, the Scanner will still test any empty parameters in the usual way. 2. No, the Spider won't submit the form again in this situation.

Burp User | Last updated: May 13, 2015 12:32PM UTC