Closed tr3harder closed 1 year ago
A-J-C
commented
1 year ago "Is it possible to make check only if base response was 200? If so, can you kindly modify my bcheck" -> Yes this would be possible.
You just need to add an if {base.response.status} is '200' then line between your given request and send request.
I'll wait to approve this PR until that change is made.
tr3harder
commented
1 year ago @A-J-C Hi Alex, I have tried before publishing and it doesnt work for me. Attached screenshot
PortSwiggerWiener
commented
1 year ago try: if {base.response.status_code} is "200" then
tr3harder
commented
1 year ago @PortSwiggerWiener thanks. updated i think i have tried it but nevermind:)
michael-eaton-portswigger
commented
6 months ago @tr3harder As a contributor to our GitHub repository, we would like to invite you to our closed Discord community.
It is a place where passionate Burp users, including people who directly work on building and developing Burp here at PortSwigger, can talk about the tooling and web security in general.
If you would like to join, please email us at support@portswigger.net and we will send over an invite link.
Thank you!
Check for misconfiguration while routing .css, .js, .png files. If it exists attacker can try to chain it using cache deception. More detailed https://book.hacktricks.xyz/pentesting-web/cache-deception#cache-deception Such type of bug was found on OpenAI lately.
Another requirement to find this bug is to have caching service. Because it can be very various user should do this step manually.
I also have a question: Is it possible to make check only if base response was 200? If so, can you kindly modify my bcheck