Any way to quickly URL encode specific characters ? #25
-
Trying to replicate the payload encoding for specific characters like in Intruder. I want this to apply to Active Scan and Extension requests so burps Match and Replace rules are no good either. Session handling rules dont provide the required regex replace functionality either. I was thinking i could use a Set Value Then based on regex but i think i'd have to do this for each character so would end up with quite a few rules. Does anyone have any ideas on what i could use for this use case ? Thanks in advance. |
Beta Was this translation helpful? Give feedback.
Replies: 4 comments 3 replies
-
You should be able to URL encode using a Run Script Then. JavaScript has the So your code would be like this (not the console logs and comments are extra/alternatives that aren't needed):
See https://synfron.github.io/ReshaperForBurp/ScriptingLibrary.html#reshaper for documentation for |
Beta Was this translation helpful? Give feedback.
-
Along similar lines is it possible to base64 encode a variable using reshaper ? (doing some work with jwt) Thanks |
Beta Was this translation helpful? Give feedback.
-
Sorry. I should have said in my original post but i tried that and a btoa failed (i think that is a browser only function). Can i call a python script ? that way i can import libraries etc. Error is "exception" : "ReferenceError: "btoa" is not defined. (#4)\norg.mozilla.javascript.EcmaError: ReferenceError: "btoa" is not defined. (#4)\r\n\tat org.mozilla.javascript.ScriptRuntime.constructError(ScriptRuntime.java:4563)\r\n\tat org.mozilla.javascript.ScriptRuntime.constructError(ScriptRuntime.java:4544)\r\n\tat org.mozilla.javascript.ScriptRuntime.notFoundError(ScriptRuntime.java:4632)\r\n\tat org.mozilla.javascript.ScriptRuntime.getNameFunctionAndThis(ScriptRuntime.java:2478)\r\n\tat org.mozilla.javascript.optimizer.OptRuntime.callName(OptRuntime.java:57)\r\n\tat org.mozilla.javascript.gen._cmd__9._c_script_0(:4)\r\n\tat org.mozilla.javascript.gen._cmd__9.call()\r\n\tat org.mozilla.javascript.ContextFactory.doTopCall(ContextFactory.java:380)\r\n\tat org.mozilla.javascript.ScriptRuntime.doTopCall(ScriptRuntime.java:3868)\r\n\tat org.mozilla.javascript.gen._cmd__9.call()\r\n\tat org.mozilla.javascript.gen._cmd__9.exec()\r\n\tat org.mozilla.javascript.Context.evaluateString(Context.java:1137)\r\n\tat synfron.reshaper.burp.core.rules.thens.ThenRunScript.lambda$perform$0(ThenRunScript.java:28)\r\n\tat synfron.reshaper.burp.core.rules.thens.entities.script.Dispatcher.lambda$getRunner$0(Dispatcher.java:53)\r\n\tat java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:577)\r\n\tat java.base/java.util.concurrent.FutureTask.run(FutureTask.java:317)\r\n\tat java.base/java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:304)\r\n\tat java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1144)\r\n\tat java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:642)\r\n\tat java.base/java.lang.Thread.run(Thread.java:1623)\r\n", |
Beta Was this translation helpful? Give feedback.
Oh wow, I'm sorry. I incorrectly assumed it would be a part of the built in JS functions the engine Reshaper uses support. Going to have to make sure that gets added.
In the mean time, the best option is to use Then Run Process. You can call Python or depending on the OS your system might have access to another command line utility accessible via Run Process.