PortSwigger / backslash-powered-scanner

Finds unknown classes of injection vulnerabilities

Selecting irrelevant part in scan results #10

Open irsdl opened 7 years ago

irsdl commented 7 years ago

When an issue is found using the automated scanner and this extension, it selects (highlights) an irrelevant part of the request rather than the actual input.

image

albinowax commented 7 years ago

What kind of issue is this?

irsdl commented 7 years ago

There are multiple. For example, just now in my new test I have it trying to fuzz the end of the URL, but it has selected something in the URL before the payload - perhaps it cannot predict the length after the new payload is added?

image

albinowax commented 7 years ago

It's meant to highlight the random string it injects just before the actual payload. The odd thing is it works for me fine in testing. With that latest screenshot, are you using manual insertion points specified using the intruder?

albinowax commented 7 years ago

Judging by that last screenshot, you're probably not using the latest release of backslash powered scanner. Can you try updating and see if the issue still exists?

irsdl commented 7 years ago

I removed my comment - my Backslash powered scanner was outdated - will let you know how it goes on my next tests...

albinowax commented 7 years ago

Closing this, feel free to reopen if you notice the issue in the latest version.

irsdl commented 7 years ago

That's fine. It will probably be in two weeks that I have a test for it.

irsdl commented 7 years ago

I can still recreate the issue using the latest version. It has selected this as "Magic value: null" while it had to select the "undefined" bit - it is exactly the same in the other requests as well:

image

SamJoan commented 6 years ago

I can verify this still occurs on the latest version obtained from the BApp store.

bugrep

Not a big issue for me though