From 3682e13002eb9cdd72401bc96f4f1ac91ec62a5c Mon Sep 17 00:00:00 2001
From: soffensive <soffensive>
Date: Thu, 3 Dec 2020 11:15:20 +0100
Subject: [PATCH] Add option for disabling cachebuster when performing guessing
 attacks

---
 src/burp/BurpExtender.java    | 1 +
 src/burp/PayloadInjector.java | 4 +++-
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/burp/BurpExtender.java b/src/burp/BurpExtender.java
index 656ffa5..974080b 100644
--- a/src/burp/BurpExtender.java
+++ b/src/burp/BurpExtender.java
@@ -72,6 +72,7 @@ public void registerExtenderCallbacks(final IBurpExtenderCallbacks callbacks) {
         settings.put("lowercase headers", true);
         settings.put("name in issue", false);
         settings.put("canary", "zwrtxqva");
+        settings.put("enable cachebuster for guessing",true);
 
         new Utilities(callbacks, settings, name);
         loadWordlists();
diff --git a/src/burp/PayloadInjector.java b/src/burp/PayloadInjector.java
index 25589c8..b9120d1 100644
--- a/src/burp/PayloadInjector.java
+++ b/src/burp/PayloadInjector.java
@@ -154,7 +154,9 @@ Attack probeAttack(String payload) {
         //IParameter cacheBuster = burp.Utilities.helpers.buildParameter(Utilities.generateCanary(), "1", IParameter.PARAM_URL);
         //request = burp.Utilities.helpers.addParameter(request, cacheBuster);
         //request = burp.Utilities.appendToQuery(request, Utilities.generateCanary()+"=1");
-        request = Utilities.addCacheBuster(request, Utilities.generateCanary());
+        if (Utilities.globalSettings.getBoolean("enable cachebuster for guessing")) {
+            request = Utilities.addCacheBuster(request, Utilities.generateCanary());
+        }
 
         IHttpRequestResponse requestResponse = burp.Utilities.attemptRequest(service, request);
         return new Attack(requestResponse, null, null, "");