Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add custom param value #29

Open
MMquant opened this issue Jul 13, 2020 · 1 comment
Open

Add custom param value #29

MMquant opened this issue Jul 13, 2020 · 1 comment
Labels
enhancement New feature or request

Comments

@MMquant
Copy link

MMquant commented Jul 13, 2020

It would be nice if you could pass arbitrary param value instead using just wrtqva<random>.
The idea is that I would like to fuzz for blind SSRF during header discovery so I would like to pass <random>.brp.mmquant.net as the header value.

I tried to modify code in

ParamGuesser.java:249
ParamGuesser.java:587
Attack.java:31
Utilities.java:771

Compiled and then copied

ParamGuesser.class
Attack.class
Utilities.class

to /root/.BurpSuite/bapps/<appId>/build/libs/burp/<classFile>
but I'm unable to get it to work as param-miner still fuzzes with wrtqva<random> string.
*( I'm not JAVA dev :) )
@albinowax
Copy link
Contributor

To apply any source changes you just need to run 'gradle build fatjar' then load the resulting jarfile into Burp.

@albinowax albinowax added the enhancement New feature or request label Sep 2, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Milestone
No milestone
Development

No branches or pull requests
2 participants
@albinowax @MMquant