JGillam / burp-paramalyzer

Paramalyzer - Burp extension for parameter analysis of large-scale web application penetration tests.
http://jgillam.github.io/burp-paramalyzer/

Parameter analysis POST requests #11

Closed Hipapheralkus closed 4 years ago

Hipapheralkus commented 6 years ago

Regular POST parameters are not shown in the Analysis. For example, neither password nor userid is shown. I would like to see all the userid parameter values which are used, but there are no such entries.

JGillam commented 6 years ago

That's odd. Paramalyzer pulls its interpretation of input parameters directly from Burp Suite's API, so it should be seeing those. I will investigate.

JGillam commented 6 years ago

@Hipapheralkus I'm not seeing this issue on the BAppStore version of Paramalyzer. Please check that the Target --> Scope tab has rules that are inclusive for this request.

One way to know for certain is to right-click on that request: if you see the option to "Remove from Scope", then it is already considered in scope and will be processed by Paramalyzer. But if you see the option to "Add to Scope", then Paramalyzer will not process that request.

Let me know if it is in scope and I will investigate further.