Burp Suite User Forum

Login to post

URI as insertion POINT

Ahmed | Last updated: Jul 28, 2022 08:30AM UTC

Hi, I am curious if we can insert out payload inside URI, We have multiple insertion points but all those are related to parameters and there is no insertion point returned for URI while BurpSuite ActiveScan does check for URI based injections also. How do i achieve this in Extension? Example: - /INSERTION-POINT/index.html - /home/INSERTION-POINT-index.html how can i achieve this dynamically to set the payload within URI instead of parameters? Regards, Ahmed

Hannah, PortSwigger Agent | Last updated: Jul 28, 2022 08:47AM UTC

Hi Ahmed The Scanner already includes insertion points in the path of a request. Under your auditing configuration, if you go to "Insertion point types" then you can see that there is an option for "URL path filename" and "URL path folders". In this section of your audit configuration you can also disable other insertion point types.

You need to Log in to post a reply. Or register here, for free.