TL;DR
Burp Suite’s repeater doesn’t automatically handle newline characters (n) as line breaks. You need to explicitly tell it to interpret them correctly using macros or by encoding the newlines.
Solution Guide
- Understand the Problem: Burp Suite Repeater treats
nliterally, displaying it as text instead of creating a new line. This is common when testing applications expecting specific formatting in requests or responses. - Method 1: Using Macros (Recommended)
- Open the request in Burp Suite Repeater.
- Go to ‘Match & Replace’.
- In the ‘Search’ field, enter
n. - In the ‘Replace with’ field, enter
%0A(URL encoded newline). Alternatively, use - Select ‘Regular expression’.
- Click ‘Replace all’. This will convert all instances of
nto their encoded equivalent within the request.
- Method 2: Manual Encoding in Repeater
- Open the request in Burp Suite Repeater.
- Directly edit the request text.
- Replace each
nwith either%0A(URL encoded),
- Method 3: Using Intruder with Payload Positions
- If injecting newlines through Intruder, define a payload position around the area where you want the newline.
- In the ‘Payload Options’ tab, select ‘URL encoding’. This will automatically encode any newlines in your payloads.
- Example: Let’s say you have this request:
POST /login HTTP/1.1 Host: example.com Content-Type: application/x-www-form-urlencoded username=testnpassword=secretTo add a newline between ‘test’ and ‘password’, use the macro method to replace
nwith%0A. The resulting request will be:POST /login HTTP/1.1 Host: example.com Content-Type: application/x-www-form-urlencoded username=test%0Apassword=secret - Testing the Result: After applying any of these methods, send the modified request and check if the application correctly interprets the newline character. Inspect the server response to confirm the expected behaviour.