Add url_encode function #44

Open
KinofRikin opened this issue Jul 12, 2023 · 5 comments
Labels
enhancement New feature or request

Comments

@KinofRikin

Is there a url_encode function? Or is there a way to URL-encode the value of a parameter? I visited the page https://portswigger.net/burp/documentation/scanner/bchecks/bcheck-definition-reference#actions, and I can't find the url_encode function.

@TheButcherRepository
Contributor

Great idea, it could definitely be useful in some cases.

Meanwhile, depending on your use case, you might want to try using regex_replace:

 regex_replace (String source, String regex, String replacement) 

Since most of the time you only need to encode certain special chars (? & " ' > < % $ etc.), you could create multiple regex_replace calls to encode or decode depending on the situation (e.g. replacing " with %22 or vice versa).

This is not a bulletproof solution, but it might do the job for the moment!
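
The chained-replacement workaround from the comment above, modelled in Python as an added example (not part of the thread and not BCheck code): `re.sub` stands in for `regex_replace`, and the replacement table, function names and sample strings are assumptions. It shows why `%` has to be replaced first and how to list the characters such a chain leaves unencoded.

```python
import re

# Hypothetical replacement table modelling a chain of regex_replace calls,
# one (regex, replacement) pair per call, applied top to bottom.
# '%' must come first: otherwise the '%' written by an earlier replacement
# is encoded again (" -> %22 -> %2522).
CHAIN = [
    (r"%", "%25"),
    (r" ", "%20"),
    (r'"', "%22"),
    (r"'", "%27"),
    (r"&", "%26"),
    (r"\?", "%3F"),
    (r"<", "%3C"),
    (r">", "%3E"),
    (r"\$", "%24"),
]


def chain_encode(value, chain=CHAIN):
    """Apply each replacement in order, like chained regex_replace calls."""
    for pattern, replacement in chain:
        value = re.sub(pattern, replacement, value)
    return value


def uncovered(value, chain=CHAIN):
    """Return the characters that a full URL encoder would escape but the
    chain leaves raw, so the table's gaps are visible before relying on it."""
    encoded = chain_encode(value, chain)
    # Drop the escapes the chain produced; whatever is left outside the
    # RFC 3986 unreserved set went through unencoded.
    rest = re.sub(r"%[0-9A-F]{2}", "", encoded)
    return sorted(set(re.findall(r"[^A-Za-z0-9._~-]", rest)))


if __name__ == "__main__":
    sample = 'a&b "c" 100%'          # constructed sample value
    print(chain_encode(sample))      # matches a full percent-encoding
    print(uncovered("a=b;c|d"))      # characters missing from the table
```
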

Hannah-PortSwigger added the enhancement label Jul 12, 2023
@Hannah-PortSwigger
Contributor

Thanks for the feedback! This is not currently part of our existing functionality, but we've noted this feature request :)

As TheButcherRepository suggests, you may be able to use regex_replace as a workaround.

@KinofRikin
Author

Thanks.

@virusvfv

Hello all.
I think that url_encode will be a very useful function.
For example:
Suppose that we have some fuzz list for RCE: "||ping 127.0.0.1", "&& ping 127.0.0.1", "; ping 127.0.0.1", etc.
If we set the insertion point in a GET request, then the BCheck has to URL-encode each fuzz element and then send it.
If insertion points are set in a header or cookie, then the BCheck does not encode fuzz-list elements.
So URL encoding is vital for BChecks!

@Hannah-PortSwigger
Contributor

Hannah-PortSwigger commented Jul 25, 2023

Generally speaking, specific insertion points should handle payload encoding to a certain degree.

We do agree that this would be a handy function to have, and have added your +1 to this feature request.
