Extracting Miscellaneous Parameters
7. Select a parameter matching method from the Parameter match list.
When choosing the method, note that the Exact parameter, Start of parameter, Start of
parameter (expand), End of parameter, Value RegEx, and Custom RegEx methods
are applied to the request URL while the Search group method is applied to the response body. The following matching methods are supported:
Exact
Report the specified parameter or the parameter and value.
Usage syntax
'name=value' or just 'name'.
Source
By selecting the appropriate check box, you can cause the parameter to be searched for in the request URL, POST body, or HTTP header.
If more than one option is selected, the selected parameter sources are searched for in sequence, in the order specified for HTTP analysis, until the first match is found.
Method of matching parameters
Parameters are identified in the request URL, POST body, or HTTP header by searching for the appropriate separator characters, as defined for the analysis of HTTP. After individual parameters have been identified a match is attempted for each parameter.
Limitations
A case-insensitive match is performed; no wildcard characters are permitted in the string. So, the wildcard character “*” is taken literally.
Combining parameters
If you have defined more than one parameter for a given URL, for a match to be successful all specified parameters have to be matched. When all matches are found, the reported string then contains a concatenation of all the matched parameters, separated by the ampersand “&” character.
Note that for a single URL, different parameters can be extracted from different portion of the HTTP packet, request URL, POST body, or HTTP header, and combined into a single match.
Examples
You can specify 'john', to match http://host.com/page?john, though
note that in this case http://host.com/page?john=123 will not be reported because the parameter value '=123' was not explicitly specified. To match it,
you would need to specify 'john=123'. Start
Report parameters that begin with a specified string; report only the matched pattern, truncate any remainder of the parameter.
Usage syntax
'name=value' or any initial part of it this string, including string of the form 'name=' or just 'name'.
Source
By selecting the appropriate check box, you can cause the parameter to be searched for in the request URL, POST body, or HTTP header.
If more than one option is selected, the selected parameter sources are searched for in sequence, in the order specified for HTTP analysis, until the first match is found.
Method of matching parameters
Parameters are identified in the request URL, POST body, or HTTP header by searching for the appropriate separator characters, as defined for the analysis of HTTP. After individual parameters have been identified a match is attempted for each parameter.
Limitations
A case-insensitive match is performed; no wildcard characters are permitted in the string.
Combining parameters
If you have defined more than one parameter for a given URL, for a match to be successful all specified parameters have to be matched. When all matches are found, the reported string then contains a concatenation of all the matched parameters, separated by the ampersand “&” character.
Note that for a single URL, different parameters can be extracted from different portion of the HTTP packet, request URL, POST body, or HTTP header, and combined into a single match.
Examples
'fred=5' will match http://host.com/page?fred=500ab but it will be
reported as http://host.com/page?fred=5. The value 'fred' will match http://host.com/page?fred=500ab as well as
http://host.com/page?fred and it will be reported as
http://host.com/page?fred.
Start (expand)
Report parameters which begin with a specified string; report the entire parameter, not only the matched pattern.
Usage syntax
'name=value' or any initial part of it this string, including string of the form 'name=' or just 'name'.
Source
By selecting the appropriate check box, you can cause the parameter to be searched for in the request URL, POST body, or HTTP header.
Note that more than one option can be selected, and in such a case, the selected parameter sources are searched for in sequence, in the order specified for HTTP analysis, until the first match is found.
Method of matching parameters
Parameters are identified in the request URL, POST body, or HTTP header by searching for the appropriate separator characters, as defined for the analysis of HTTP. After individual parameters have been identified a match is attempted for each parameter.
Limitations
A case-insensitive match is performed; no wildcard characters are permitted in the string.
Combining parameters
If you have defined more than one parameter for a given URL, for a match to be successful all specified parameters have to be matched. When all matches are found, the reported string then contains a concatenation of all the matched parameters, separated by the ampersand “&” character.
Note that for a single URL, different parameters can be extracted from different portion of the HTTP packet, request URL, POST body, or HTTP header, and combined into a single match.
Decoding and decompression
The string to match the regular expression is first optionally decoded and decompressed, if the appropriate encoding and compression is selected.
Examples
'fred=5' will match http://host.com/page?fred=500ab and it will be
reported as http://host.com/page?fred=500ab. The value 'fred' will match http://host.com/page?fred=500ab as well as
http://host.com/page?fred and it will be reported as
http://host.com/page?fred=500ab and http://host.com/page?fred
respectively.
End
Report parameters which end with a specified string; report the entire parameter, not only the matched pattern.
Usage syntax
'name=value' or any final part of it this string, including string of the form '=value' or just 'value'.
Source
By selecting the appropriate check box, you can cause the parameter to be searched for in the request URL, POST body, or HTTP header. Note that more than one option can be selected, and in such a case, the selected parameter sources are searched for in sequence, in the order specified for HTTP analysis, until the first match is found.
Method of matching parameters
Parameters are identified in the request URL, POST body, or HTTP header by searching for the appropriate separator characters, as defined for the analysis of HTTP. After individual parameters have been identified a match is attempted for each parameter.
Limitations
A case-insensitive match is performed; no wildcard characters are permitted in the string.
Combining parameters
If you have defined more than one parameter for a given URL, for a match to be successful all specified parameters have to be matched. When all matches are found, the reported string then contains a concatenation of all the matched parameters, separated by the ampersand “&” character.
Note that for a single URL, different parameters can be extracted from different portion of the HTTP packet, request URL, POST body, or HTTP header, and combined into a single match.
Examples
For http://host.com/page?john=100' to be matched, you can specify the
following ends: '0', '00', '100', '=100', 'n=100' and so on, up to 'john=100'. Thus http://host.com/page?john=100 is reported.
Value RegEx
Report parameters which begin with a specified string; optionally attempt to match the remainder of the parameter with a regular expression; report the start string and selected portions of the regular expression, if any.
Usage syntax
Parameter is entered as name=value or any initial part of it this string including string of the form name= or just name. A regular expression (regex) is entered
as an extended POSIX regular expression.
Source
By selecting the appropriate check box, you can cause the parameter to be searched for in the request URL, POST body, or HTTP header.
Note that more than one option can be selected, and in such a case, the selected parameter sources are searched for in sequence, in the order specified for HTTP analysis, until the first match is found.
Method of matching parameters
Parameters are identified in the request URL, POST body, or HTTP header by searching for the appropriate separator characters, as defined for the analysis of HTTP. After individual parameters have been identified a match is attempted for each parameter.
Limitations
A case-insensitive match is performed on the Parameter part; the regex part is matched as a case-sensitive POSIX regular expression.
Combining parameters
If you have defined more than one parameter for a given URL, for a match to be successful all specified parameters have to be matched. When all matches are found, the reported string then contains a concatenation of all the matched parameters, separated by the ampersand “&” character.
Note that for a single URL, different parameters can be extracted from different portion of the HTTP packet, request URL, POST body, or HTTP header, and combined into a single match.
Decoding and decompression
The string to match the regular expression is first optionally decoded and decompressed, if the appropriate encoding and compression is selected.
Examples
parameter specification fred= and a regular expression AB(C?E) will match http://host.com/page/fred=ABCDE but it will be reported as
http://host.com/page/fred=CDE because the AB portion of the regular expression was not included in round braces.
Custom RegEx
Report parameters that match the given regular expression; report those portions that have been selected within the regular expression.
Usage syntax
Enter an extended POSIX regular expression to match the desired string. Mark portions to be reported by using round braces “(” and “)”.
Source
By selecting the appropriate check box, you can cause the parameter to be searched for in the request URL, POST body, or HTTP header.
Note that more than one option can be selected, and in such a case, the selected parameter sources are searched for in sequence, in the order specified for HTTP analysis, until the first match is found.
Method of matching parameters
The request URL, POST body, or HTTP header are not split into parameters prior to pattern matching. Instead, they are treated as single units of data and the regular expression is applied to their entire contents. Only the path part of the request URL is excluded from the matching process.
Limitations
The regular expression is entered according to POSIX syntax.
Combining parameters
If you have defined more than one parameter for a given URL, for a match to be successful all specified parameters have to be matched. When all matches are found, the reported string then contains a concatenation of all the matched parameters, separated by the ampersand “&” character.
Note that for a single URL, different parameters can be extracted from different portion of the HTTP packet, request URL, POST body, or HTTP header, and combined into a single match.
Decoding and decompression
The string to match the regular expression is first optionally decoded and decompressed, if the appropriate encoding and compression is selected.
Examples
Regular expression fred=AB(C?E) will match
http://host.com/page/fred=ABCDE but it will be reported as
http://host.com/page/CDE.
Regular expression (.*=)AB(C?E) will match http://host.com/page/fred=ABCDE as well as
http://host.com/page/joe=ABCDE and it will be reported as
http://host.com/page/fred=CDE and as http://host.com/page/joe=CDE
respectively.
Search group
Report the text found in the response body between the first occurrences of strings defined by Match start and Match end.