bytebutcher / burp-send-to

Adds a customizable "Send to..."-context-menu to your BurpSuite.

Able to remove 'closing single quotation marks' While calling % #2

Closed osamahamad closed 3 years ago

osamahamad commented 3 years ago

That's gonna be so helpful. Regarding the reason: some tools do not accept the URL (%U) due to the fact that the extension generates it enclosed in single quotation marks. Example: FFUF -u %U/FUZZ is gonna generate 'url.com'/FUZZ and NOT url.com/FUZZ

I didn't find an option for this. For example:

%U

'www.google.com'

What I'd like to happen:

www.google.com

Hopefully there will be a feature to remove those quotes. Also, if some tools need single quotation marks, then the user can pass them like '%U', I guess.

Thanks in advance!

bytebutcher commented 3 years ago

Hi osamahamad, thanks for reporting this issue. The reason for the single quotations is to avoid accidental code injection. Allow me some time to review and think about how to best address this. In the meantime you might want to use burp-send-to-extension 1.5b which adds a checkbox to the "Send to" tab which allows you to disable the "Surround placeholders with single quotes automatically (safe mode)" globally.

osamahamad commented 3 years ago

Hi @bytebutcher, I'm so grateful. I just installed 1.5b and it works like a charm. Going to add more commands on Sunday night to prepare it for everyday use. Appreciate your efforts. Also, regarding accidental code injection, IMO I think you already addressed it by implementing the command preview feature + Terminal Options. Gonna close this as it is perfectly resolved.
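
Added example, not code from the extension or from this thread: a Python sketch of what the safe mode discussed above protects against when a placeholder value reaches a POSIX shell. The `render` and `single_quote` helpers, the `printf` stand-in for a real tool, and the sample URL are assumptions; the extension's own escaping may differ, and a POSIX `sh` is assumed.

```python
import re
import subprocess

# Placeholders are assumed to be "%" plus one upper-case letter (e.g. %U),
# so printf's own lower-case "%s" in the template is left untouched.
PLACEHOLDER = re.compile(r"%[A-Z]")

# Constructed sample value standing in for a URL taken from a proxied request.
SAMPLE_URL = "http://example.test/a;echo INJECTED"

# "printf" stands in for a real tool: it prints each argument it receives.
TEMPLATE = "printf '[%s]\\n' %U/FUZZ"


def single_quote(value: str) -> str:
    """Always wrap in single quotes; an embedded ' is closed, escaped, reopened."""
    return "'" + value.replace("'", "'\"'\"'") + "'"


def render(template: str, values: dict, safe_mode: bool = True) -> str:
    """Substitute placeholders in one pass so a value is never re-expanded."""
    def substitute(match):
        name = match.group(0)
        if name not in values:
            return name  # unknown placeholder: leave as written
        return single_quote(values[name]) if safe_mode else values[name]
    return PLACEHOLDER.sub(substitute, template)


def run_in_shell(command: str) -> list:
    """Run the rendered command with sh -c and return its stdout lines."""
    result = subprocess.run(["sh", "-c", command],
                            capture_output=True, text=True, check=True)
    return result.stdout.splitlines()


if __name__ == "__main__":
    for safe in (True, False):
        command = render(TEMPLATE, {"%U": SAMPLE_URL}, safe_mode=safe)
        print("safe mode" if safe else "raw mode ", "->", command)
        for line in run_in_shell(command):
            print("   ", line)
```

In safe mode the shell strips the quotes and joins the value with the adjacent `/FUZZ` into one argument; in raw mode the `;` in the value ends the command and the rest runs as a second command.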