Quantcast
Channel: support.portswigger.net :: Burp Extensions
Viewing all articles
Browse latest Browse all 115

Design new extension - Problem with buildRequest and URL Encode

$
0
0
Hi! I'm new to extending Burp and I wanted to add an active scanner plugin for some injections. When I making the requests with a payload with special characters, for example alert(1), the request encoded my payload with "URL encode". My code is as follows: for(String payload: payloads){ IHttpRequestResponse test = this.callbacks.makeHttpRequest(httpService,insertionPoint.buildRequest(helpers.stringToBytes(payload))); } when I make "insertionPoint.buildRequest(helpers.stringToBytes(payload))" my payload is encoded in" URL encode", I think is because according to the documentation: https://portswigger.net/burp/extender/api/burp/IScannerInsertionPoint.html#buildRequest(byte[]) "Note: Scan checks should submit raw non-encoded payloads to insertion points, and the insertion point has responsibility for performing any data encoding that is necessary given the nature and location of the insertion point." How could I send the request without encoding anything? For example, if I send alert(1), the request should be: GET / ... .... param=alert(1) and not: GET / ... .... param=%3cscript%3ealert(1)%3c%2fscript%3e Thanks a lot!

Viewing all articles
Browse latest Browse all 115

Trending Articles