Skip to content

Commit

Permalink
inql.burp_ext.contextual: remove Content-Type from GET requests
Browse files Browse the repository at this point in the history 
Content-Type in GET requests confuse many /graphql implementations and therefore break the magic
  • Loading branch information
@thypon
thypon committed Aug 2, 2021
1 parent 2ae424f commit 0cd8a55
Showing 1 changed file with 4 additions and 1 deletion.
5 changes: 4 additions & 1 deletion inql/burp_ext/contextual.py
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
import json
import re

try:
import urllib.request as urllib_request # for Python 3
Expand Down Expand Up @@ -155,10 +156,12 @@ def send_to_repeater_get_query(self, host, payload):
self._overrideheaders[host] = []

metadata = override_headers(metadata, self._overrideheaders[host])
# remove Content-Type on GET requests
metadata = re.sub(r'(?m)^Content-Type:.*\n?', '', metadata)
content = json.loads(payload)
if isinstance(content, list):
content = content[0]
metadata = override_uri(metadata, method="GET", query=urlencode(json_encode(clean_dict(content))))
metadata = override_uri(metadata, method="GET", query=urlencode(querify(clean_dict(content))))

repeater_body = StringUtil.toBytes(string_join(
metadata,
Expand Down

0 comments on commit 0cd8a55

Please sign in to comment.