Payload Processing

The payloads generated by the configured payload type can be further manipulated using various payload processing rules and payload encoding.

Payload Processing Rules

You can define rules to perform various processing tasks on each payload before it is used. The defined rules are executed in sequence, and can be toggled on and off to help debug any problems with the configuration. Payload processing rules are useful in many kinds of situation where you need to generate unusual payloads, or need to wrap payloads up within a wider structure or encoding scheme prior to use.

The following types of rule are available:

  • Add prefix - This adds a literal prefix before the payload.
  • Add suffix - This adds a literal suffix after the payload.
  • Match / replace - This replaces any parts of the payload that match a specific regular expression, with a literal string.
  • Substring - This extracts a sub-portion of the payloads, starting from a specified offset (0-indexed) and up to a specified length.
  • Reverse substring - This functions as for the substring rule, but the end offset is specified counting backwards from the end of the payload, and the length is counted backwards from the end offset.
  • Modify case - This modifies the case of the payload, if applicable. The same options are available as for the case modification payload type.
  • Encode - This encodes the payload using various schemes: URL, HTML, Base64, ASCII hex or constructed strings for various platforms.
  • Decode - This decodes the payload using various schemes: URL, HTML, Base64 or ASCII hex.
  • Hash - This carries out a hashing operation on the payload.
  • Add raw payload - This adds the raw payload value before or after the current processed value. It can be useful, for example, if you need to submit the same payload in both raw and hashed form.
  • Skip if matches regex - This checks whether the current processed value matches a specified regular expression, and if so, skips the payload and moves onto the next one. This can be useful, for example, if you know that a parameter value must have a minimum length and want to skip any values in a list that are shorter than this length.
  • Invoke Burp extension - This invokes a Burp extension to process the payloads. The extension must have registered an Intruder payload processor. You can select the required processor from the list of available processors that have been registered by currently loaded extensions.

Payload Encoding

You can configure which characters within the payload should be URL-encoded for safe transmission within HTTP requests. Any configured URL-encoding is applied last, after any payload processing rules have executed.

It is recommended to use this setting for final URL-encoding, rather than a payload processing rule, because the payload grep option can be used to check responses for echoed payloads before the final URL-encoding is applied.