PortSwigger / BChecks

BChecks collection for Burp Suite Professional and Burp Suite Enterprise Edition
https://portswigger.net/burp/documentation/scanner/bchecks
GNU Lesser General Public License v3.0

[FEATURE] Introducing additional operations during condition verification #171

Open j3ssie opened 5 months ago

j3ssie commented 5 months ago

It would be beneficial if you could incorporate additional operations into the Conditionals section, akin to those available in the Python programming language.

  1. Some commonly needed use cases include comparing status codes or the lengths of response bodies, such as {check.response.status_code} >= 300 or length({base.response.body}) > length({check.response.body}).

  2. Suppose I have defined a list of intriguing strings/regex patterns in the defined section, as shown below.

define:
    message = 
        "Message\":\"Invalid web service call",
        "Exception of type",
        "Server Error in '",
        "Server Error in Application"

I desire the capability to perform the conditional in or contains operation, such as {check.response.body} contains {message} or {message} in {check.response.body}.

Michelle-PortSwigger commented 5 months ago

Thanks for the feedback.

We can't make any promises at this stage, but we've made a note of your requests so they can be reviewed as we expand the capabilities of BChecks.