Regular updates about Websecurify free and premium website scanners, proxies, fuzzers and insight knowledge about SQL Injection, Cross-site Scripting and other vulnerabilities

Hidden Features - Suite Editor

Websecurify Suite has a lot of hidden awesome features you can use in your own creative ways. For example the Editor is a tool extensively used across all applications where http request/response editing and viewing capabilities are required (the Resend and Retest utilities are good examples). However it can be used in a standalone mode as well and this is what we are going to explore in this article.

First let's look at the following listing, which summarises the configurable parameters we can pass to the tool:

Some Practical Examples

Let's say that we want to create an editor for http request but we want to enable the gutter so that we can have line folding capabilities. The exact URL to the application will be: https://suite.websecurify.com/editor#gutter=true&mode=httprequest.

Notice that we are even able to highlight the JSON part of the request based on the content type header. This is awesome.

What else can we do? Let's say that you want to share this request with your esteemed colleagues. How do you do that? Since we are working with the editor directly, the process will be a bit manual but it boils down to getting the value of the editor and embedding it as a property. First we need to encode the content as URL encoded value. We can use Arena for this.

Now we have the value so all we have to do next is to construct the URL which will look like this:

https://suite.websecurify.com/editor#gutter=true&m... trimmed for brevity

As you can see this gives you a great degree of flexibility to allow you to do whatever you want. The most incredible thing about this tool is that unlike other SAAS tools, you are not sending any of your data to us. Notice that all parameters come at the end of the URL as a URL fragment. URL fragments are not sent over the network. This means that the information you encapsulate inside the URL is yours to keep and we only provide just the framework.

The Suite Editor is perfect for sharing information on your internal bug tracking systems or across different teams without the need of copy and pasting or even worse: making screenshots. It is just a link so you can even embed it into PDF, Word and Excel documents.


Petko D. Petkov (pdp), is founder of Websecurify and frontman of the GNUCITIZEN Information Security Think Tank. pdp is a recognized information security researcher, security tools developer, penetration tester, frequent speaker at industry events, and published author who has contributed to several best-selling books in the field of information security.

Comments Powered ByDisqus