Burp Suite User Forum

Login to post

stringToBytes method outputting invalid/incorrect characters

AssistantX | Last updated: Dec 29, 2021 09:51PM UTC

First reported here https://github.com/synfron/ReshaperForBurp/issues/15#issuecomment-1002476347, a user reported that text they entered isn't being properly outputted in Burp Suite. It is outputting with invalid/incorrect characters that don't match the input. The user had the same issue with https://github.com/Hannah-PortSwigger/modifyResponse. After further investigation, it appears that the issue is actually with the stringToBytes method provided in the burp-extender-api library. The stringToBytes method doesn't seem to properly support texts of certain languages/ranges of characters. I have created a simplified example at https://pastes.io/raw/2sinn96odz. Note, in the example that the output text that was the result of decoding/re-encoding doesn't match the input text.

Hannah, PortSwigger Agent | Last updated: Jan 04, 2022 12:23PM UTC

Hi As detailed in the Extender API documentation, a character with the hex representation 0xWXYZ will always be converted into a byte with the representation 0xYZ. It performs the opposite conversion to the method bytesToString() (0xYZ -> 0x00YZ). This means that in cases where characters use multi-byte characters, there can be truncation of data leading to invalid/incorrect characters. - https://portswigger.net/burp/extender/api/burp/IExtensionHelpers.html#stringToBytes(java.lang.String) We have an ongoing request to modify this functionality. I can add your +1 to it if you would like?

AssistantX | Last updated: Jan 05, 2022 05:32AM UTC

How long has the change to bytesToString/stringToBytes been requested? What is the likelihood of this change being implemented? I ask this because I'd like my extension to be able to support languages with characters that are outside the 1 byte character spectrum and it would be helpful to know if I'd probably need to implement this myself if the API change is not likely to happen/is years off.

Hannah, PortSwigger Agent | Last updated: Jan 05, 2022 05:30PM UTC

Hi Unfortunately, this issue is not currently in our roadmap and we don't have any timeframe estimate available for when this will be resolved.

You need to Log in to post a reply. Or register here, for free.