simioni87 / auth_analyzer

Burp Extension for testing authorization issues. Automated request repeating and parameter value extraction on the fly.
MIT License

Issues with replacement not working #41

Closed AkikoOrenji closed 1 year ago

AkikoOrenji commented 1 year ago

Using 1.1.13 and have configured a CSRF match which is working fine, as I can see the value being populated in the header I've specified.

image

The problem is it's not replacing the parameter found in the following multipart request body. Not shown in the image above is that it's just a POST request.

image

Am I missing something, or should the _csrf be replaced with my value? Thanks

simioni87 commented 1 year ago

You named your parameter CSRF, but actually it is called _csrf.

AkikoOrenji commented 1 year ago

Thanks for pointing out my mistake. So if it needs to go into a second parameter, just create another with a different name to match that parameter?

simioni87 commented 1 year ago

Yes, of course. But you can also set the same parameter as an insertion point within the header.

https://github.com/simioni87/auth_analyzer#auto-extract-and-insert-a-bearer-token

https://github.com/simioni87/auth_analyzer#parameter-replacement