1.8. encoded parameter injector
this feature is enable to inject pattern to encoded value such as base64 encoded value. you can decode parameter which has encoded value in messageView window and then embeding attack pattern to decoded value on scanning
- select request in sitemap or history tab and add to macrobuilder
- In the RequestRecorder work panel, select request and right-click to popup menu then select messageView
- In messageView, select parameter value which you want to decode
- right+click to popup menu then select Decode
- decode dialog is displayed. In decode dialog, select encoded type which you want to decode value.
- click ok to close dialog,
- In messageView, encoded parameter value is displayed within special pseudo tags
- right+click to popup menu then select Update(You must do this Update action before start scanning.).
In messageView.right+click to popup menu and then select SendMessage
- In the RequestRecorder work panel or status panel(messageView), right+click to popup menu and then select Scan
- In Scan dialg, click DecodeVector tab.
- insert injection vector position which is the same like CustomVector tab.
- click start scan