
I implemented a website using the Vaadin framework. When I send a request to my server, there is some data in my POST request which looks like:

{"csrfToken":"3df2f528-15c7-434c-8505-539be1c44157","rpc":[["13","v","v",["text",["s","Nazar Medeiros"]]],["13","v","v",["c",["i",4]]],["15","com.vaadin.shared.ui.button.ButtonServerRpc","click",[{"altKey":false,"button":"LEFT","clientX":82,"clientY":286,"ctrlKey":false,"metaKey":false,"relativeX":45,"relativeY":18,"shiftKey":false,"type":1}]]],"syncId":3,"clientId":3}

Now the interesting part for me are three parameters:

Nazar Medeiros, "syncId":3 and "clientId":3.

The content (Response) I receive from the server looks like:

for(;;);[{"syncId": 4, "clientId": 4, "changes" : [["change",{"pid":"13"},["1",{"id":"13"}]]], "state":{"13":{"text":"Nazar Medeiros"}}, "types":{"13":"1","25":"19","26":"21","6":"20"}, "hierarchy":{"25":[],"26":[],"6":["7","10","11","12","25","26"]}, "rpc" : [["25","com.vaadin.shared.data.DataProviderRpc","resetDataAndSize",[0]],["25","com.vaadin.shared.data.DataProviderRpc","setRowData",[0,[]]]], "meta" : {}, "resources" : {}, "timings":[3306, 1]}]

I want to use burp suite and a macro for an automatic fuzzing process. When I use another value instead of Nazar Medeiros I have to increase clientId and syncId by 1 for each request.

What I have done so far is to configure a macro with the two parameters. But the problem is that using the macro does not give me the result I want.

for(;;);[{"syncId": 26, "resynchronize": true, "clientId:4"...

The syncId is increased by 2 instead of 1 whereas the clientId remains at the same value.

One solution I used (without macros) was to send the three parameters to the Intruder, set the payload option to Pitchfork and give each of them a payload. The payload for syncId and clientId is the same and contains numbers for increasing the values at each request. To use this approach you have to be sure that clientId and syncId start at 0 (refresh the page). Otherwise the numbers do not fit the requests.

I would be very happy if someone could give me a better solution. Best regards, Nazar Medeiros
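As an added example (not part of the question, and not Vaadin's or Burp's own code), the following Python shows the state tracking a Burp macro or a session-handling script has to perform for this UIDL exchange: strip the `for(;;);` prefix, read syncId and clientId out of the response, carry them into the next request body, and stop when the server answers with `"resynchronize": true` instead of drifting the counters further. It assumes the next request simply echoes the syncId and clientId from the latest response, which is what the macro in the question is meant to do; the sample request and response are constructed after the ones shown above.

```python
import copy
import json

UIDL_PREFIX = "for(;;);"  # Vaadin's anti-JSON-hijacking prefix on every UIDL response

# Constructed sample request in the shape shown in the question (text field 13, one button click).
SAMPLE_REQUEST = {
    "csrfToken": "00000000-0000-0000-0000-000000000000",  # placeholder, not a real token
    "rpc": [
        ["13", "v", "v", ["text", ["s", "Nazar Medeiros"]]],
        ["13", "v", "v", ["c", ["i", 4]]],
        ["15", "com.vaadin.shared.ui.button.ButtonServerRpc", "click", [{"button": "LEFT", "type": 1}]],
    ],
    "syncId": 3,
    "clientId": 3,
}

# Constructed sample responses: a normal one and one where the server lost sync.
SAMPLE_RESPONSE = 'for(;;);[{"syncId": 4, "clientId": 4, "changes": [], "meta": {}, "timings": [3306, 1]}]'
RESYNC_RESPONSE = 'for(;;);[{"syncId": 26, "resynchronize": true, "clientId": 4, "changes": []}]'


def parse_vaadin_response(body: str) -> dict:
    """Strip the for(;;); prefix and return the first (and only) UIDL object."""
    if not body.startswith(UIDL_PREFIX):
        raise ValueError("not a Vaadin UIDL response")
    payload = json.loads(body[len(UIDL_PREFIX):])
    return payload[0]


def next_request(prev_request: dict, response_body: str, new_text: str) -> dict:
    """Build the follow-up request: take syncId/clientId from the server's
    response and swap in the next fuzz value for the text field.
    Raises if the server asked to resynchronize, since incrementing past
    that point only produces more out-of-sync requests."""
    response = parse_vaadin_response(response_body)
    if response.get("resynchronize"):
        raise RuntimeError("server requested resynchronize: reload the page and restart the counters")
    req = copy.deepcopy(prev_request)
    req["syncId"] = response["syncId"]
    req["clientId"] = response["clientId"]
    for call in req["rpc"]:
        # Text-field updates look like ["13", "v", "v", ["text", ["s", "<value>"]]]
        if len(call) == 4 and call[1] == "v" and isinstance(call[3], list) and call[3][0] == "text":
            call[3][1][1] = new_text
    return req


if __name__ == "__main__":
    print(json.dumps(next_request(SAMPLE_REQUEST, SAMPLE_RESPONSE, "fuzz-value-1")))
```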
