Looking for our research? We've moved it to a dedicated page

[MoBP] Custom form filling rules

Dafydd Stuttard | 12 November 2008 at 07:29 UTC
MoBP burp

One cool feature that Burp Spider always had was the ability to submit HTML forms whilst spidering, either by prompting the user to supply suitable values, or by automatically filling in text fields with a default value.

This feature is now getting more flexible, with the ability to configure customised rules for filling in forms, by specifying the value that should be used based on the name of the individual form field:

Supplying valid input in forms is particularly important when spidering a web application, to increase the likelihood that the input is accepted by the application, enabling the spider to access the content that is reached by submitting the form. Burp comes with a set of default rules that have proven successful when automatically submitting form data to a wide range of applications. Of course, you can modify these or add your own rules if you encounter form field names that you want to submit specific values in.