Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

withUpdatedParameters(List) function updates only the first parameter

JK | Last updated: Jun 26, 2024 09:10AM UTC

Hi, I'm struggling with modification of the request payload in a class extending ExtensionProvidedHttpRequestEditor. In the getRequest() function, I'm packing the content of my custom editor and want to update request parameters with that. My code looks like: --- Pattern pattern = Pattern.compile(REGEX); String[] bodyParams = pattern.split(this.requestEditor.getContents().toString()); java.util.ArrayList<HttpParameter> newBodyParams = new ArrayList<HttpParameter>(); for (String bodyParam : bodyParams) { //... some custom encoding etc newBodyParams.add(HttpParameter.parameter(paramName, paramValueEncoded, HttpParameterType.BODY)); } // checking if everything was updated correctly - this output everything as expected /*for (HttpParameter bodyParam: newBodyParams) { String paramName = bodyParam.name(); String paramValue = bodyParam.value(); this.api.logging().raiseDebugEvent("Item of updated parameters list: " + paramName + ", paramValue: " + paramValue); }*/ // for some reason this updates only the first parameter (regardless of which one it is) request = this.originalRequestResponse.request().withUpdatedParameters(newBodyParams); --- Even though the newBodyParams list contains correct (updated) values of my parameters, only the first one parameter is update in the created request object. It isn't tied to a parameter name. A change of parameter order changes also the parameter which gets updated. Any advise is welcome.

Hannah, PortSwigger Agent | Last updated: Jun 27, 2024 09:07AM UTC

Hi

Are all parameters that you are updating present in the request?

I've tested this out with a POC extension, but all matching parameters are updated.
import burp.api.montoya.BurpExtension;
import burp.api.montoya.MontoyaApi;
import burp.api.montoya.http.message.params.HttpParameter;
import burp.api.montoya.http.message.requests.HttpRequest;
import burp.api.montoya.ui.contextmenu.ContextMenuEvent;
import burp.api.montoya.ui.contextmenu.ContextMenuItemsProvider;

import javax.swing.*;
import java.awt.*;
import java.util.ArrayList;
import java.util.List;

import static burp.api.montoya.http.message.params.HttpParameter.parameter;
import static burp.api.montoya.http.message.params.HttpParameterType.BODY;

@SuppressWarnings("unused")
public class Extension implements BurpExtension
{
    @Override
    public void initialize(MontoyaApi montoyaApi)
    {
        List<HttpParameter> newBodyParams = new ArrayList<>();

        newBodyParams.add(parameter("a", "b", BODY));
        newBodyParams.add(parameter("b","c",BODY));
        newBodyParams.add(parameter("c","d",BODY));

        montoyaApi.userInterface().registerContextMenuItemsProvider(new ContextMenuItemsProvider()
        {
            @Override
            public List<Component> provideMenuItems(ContextMenuEvent event)
            {
                JMenuItem menuItem = new JMenuItem("Replace parameters and output");
                menuItem.addActionListener(l -> {
                    HttpRequest request = event.messageEditorRequestResponse().isPresent()
                            ? event.messageEditorRequestResponse().get().requestResponse().request()
                            : event.selectedRequestResponses().get(0).request();

                    HttpRequest newRequest = request.withUpdatedParameters(newBodyParams);

                    montoyaApi.logging().logToOutput(newRequest.toString());
                });

                return List.of(menuItem);
            }
        });
    }
}

Example request:
GET / HTTP/2
Host: portswigger-labs.net
Accept-Encoding: gzip, deflate, br
Accept: */*
Accept-Language: en-US;q=0.9,en;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.6478.127 Safari/537.36
Cache-Control: max-age=0
Content-Length: 11

a=1&b=2&c=3

JK | Last updated: Jul 01, 2024 08:35AM UTC

Thank you, your answer was helpful. First, I validated it worked on your example. Then I focused on your hint about names of parameters. I found that parsed parameters contained prepended "\n" which caused the reported issue. It works now :)

Hannah, PortSwigger Agent | Last updated: Jul 01, 2024 09:28AM UTC