PortSwigger / BChecks

BChecks collection for Burp Suite Professional and Burp Suite Enterprise Edition
https://portswigger.net/burp/documentation/scanner/bchecks
GNU Lesser General Public License v3.0

Question #94

Closed 0xspade closed 10 months ago

0xspade commented 10 months ago

Is it possible to detect an HTTP response with a regex?

JaveleyQAQ commented 10 months ago

https://portswigger.net/burp/documentation/scanner/bchecks/bcheck-definition-reference

Michelle-PortSwigger commented 10 months ago

The worked examples also include different ways of matching responses that you might find helpful to get you started: https://portswigger.net/burp/documentation/scanner/bchecks/worked-examples

0xspade commented 10 months ago

Oh I see, what kind of regex does BCheck support? Java, Python, PHP?

JaveleyQAQ commented 10 months ago

> Oh I see, what kind of regex does BCheck support? Java, Python, PHP?

Java

0xspade commented 10 months ago

@Michelle-PortSwigger and team,

I have another question: how do I make this BCheck script a passive scan?

JaveleyQAQ commented 10 months ago

> @Michelle-PortSwigger and team,
>
> I have another question: how do I make this BCheck script a passive scan?

[image]

0xspade commented 10 months ago

I thought just placing tags: "passive" will make it "passive". lol.

Michelle-PortSwigger commented 10 months ago

It's about the steps you take within the BCheck. Passive checks are ones that inspect traffic passing through Burp without sending any additional requests. You can find an example one here: https://portswigger.net/burp/documentation/scanner/bchecks/worked-examples/passive

I hope this helps :)
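
An added example (not part of this thread or of PortSwigger's repository) of the kind of passive check described above: it only inspects responses Burp has already seen and contains no `send request` step. The check name, author, pattern and issue text are constructed for illustration, `v2-beta` is an assumed language version, and the pattern uses Java regex syntax as noted earlier in the thread.

```bcheck
metadata:
    language: v2-beta
    name: "Example: AWS access key ID in response"
    description: "Flags responses that contain a string shaped like an AWS access key ID"
    author: "example"
    tags: "passive", "disclosure"

# "given response" runs once per response that passes through Burp.
# There is no "send request" action, so the check generates no traffic
# of its own. That is what makes it passive; the tag above is only a label.
given response then
    # "matches" evaluates a regular expression (Java syntax) against the
    # response; use "contains" instead for a plain substring test.
    if {latest.response} matches "(AKIA|ASIA)[A-Z0-9]{16}" then
        report issue:
            severity: medium
            confidence: tentative
            detail: "The response contains a string that looks like an AWS access key ID."
            remediation: "Remove the credential from the response and rotate the key."
    end if
```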

0xspade commented 9 months ago

@JaveleyQAQ @Michelle-PortSwigger

Does appending queries apply to GET, POST and other HTTP methods?

If the method is POST, will appending queries append a POST data parameter and value?

How about handling JSON?

Michelle-PortSwigger commented 9 months ago

Hi

Appending queries will simply add the query to any URL. If you're looking to make changes to JSON queries that are contained in the body, you'll need to use different techniques. Is there something specific you're working on? If so, feel free to send us an example if you need any help.

0xspade commented 8 months ago

I like to append a parameter if the request method is POST and GET, as well as if the POST data is JSON or the traditional URL-encoded.

Michelle-PortSwigger commented 8 months ago

Appending queries will add the query to the URL of GET and POST. If you're wanting to change the parameters contained as JSON in the body of the request, then you'll probably need to look at using regex to make changes to the body. Please let me know if you have any questions on that side of things.

0xspade commented 8 months ago

Hi Guys,

@JaveleyQAQ @Hannah-PortSwigger @Michelle-PortSwigger

I have another question: is it possible to put multiple variables in run for each?

JaveleyQAQ commented 8 months ago

> Hi Guys,
>
> @JaveleyQAQ @Hannah-PortSwigger @Michelle-PortSwigger
>
> I have another question: is it possible to put multiple variables in run for each?

I suggest you observe more scripts in the repository and search for the desired functions. This will deepen your understanding.

Michelle-PortSwigger commented 8 months ago

@0xspade You can’t do this currently. Run for each is simply running through a list of strings.

A future feature enhancement may include support for tuples which would make the run for each construct more powerful and hopefully fit your use case.