Content-Length does not change when injecting tokens into request bodies

NetSPI / BurpExtractor

A Burp extension for generic extraction and reuse of data within HTTP requests and responses.

90 stars 29 forks source link

Content-Length does not change when injecting tokens into request bodies #6

Open ilatypov opened 4 years ago

ilatypov commented 4 years ago

Content-Length does not change when injecting tokens into request bodies

I am using the version of BurpExtractor from PortSwigger which is currently 11 commits behind the upstream.

ilatypov commented 4 years ago

The same is observed with this project's latest.

ilatypov commented 3 years ago

This may cause the very first request(s) of Scan to lock up waiting on HTTP response where the HTTP request did not fill the claimed Content-Length size.

https://forum.portswigger.net/thread/requests-showing-1-status-and-response-length-48aee98c

As a work-around, I wrapped my head around this and "learned" to "turn on" the extractor's rules only after starting the scan and observing new token finds updating in the top of the Extractor tabs.