You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The extension, as ran on Kali fully up to date (7/12/2020) and Burp fully up to date (2020.6) when sending a request to Intruder and manually specifying locations to run autoscans on is injecting payloads into locations not specified.
To reproduce simply send a content-type application/json message with several parameter and value pairs and specify the locations and right click and sent to an auto-scan that is running or create a new one to send it to.
Observe requests being sent in the session tracer or by passing to another upstream proxy.
This is not desired behavior because it wastes time, and it could have potentially detrimental affects to the environment under test.
The text was updated successfully, but these errors were encountered:
The extension, as ran on Kali fully up to date (7/12/2020) and Burp fully up to date (2020.6) when sending a request to Intruder and manually specifying locations to run autoscans on is injecting payloads into locations not specified.
To reproduce simply send a content-type application/json message with several parameter and value pairs and specify the locations and right click and sent to an auto-scan that is running or create a new one to send it to.
Observe requests being sent in the session tracer or by passing to another upstream proxy.
This is not desired behavior because it wastes time, and it could have potentially detrimental affects to the environment under test.
The text was updated successfully, but these errors were encountered: