Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

HTTP Proxy Mutating Methods

ichossef | Last updated: Nov 28, 2023 03:49PM UTC

Hi team, I have been using the montoya APIs for quite sometime now https://portswigger.github.io/burp-extensions-montoya-api/javadoc/burp/api/montoya/proxy/ProxyHttpRequestResponse.html One of the things I'd hoped for is mutating methods in order to modify the request in the proxy history. I am trying to hide sensitive data before the project is shared. Is there any workarounds or is it in the roadmap ? Thank you, Regards

Hannah, PortSwigger Agent | Last updated: Nov 29, 2023 10:35AM UTC

Hi Unfortunately, this is not possible. At the point where the HttpRequestResponse has entered your proxy history, it is not a changeable object. The HTTP History records the information that passes through the proxy. Even if you modify your requests as part of a ProxyHandler, the Proxy History will still display the original and edited request. To hide sensitive data before the project is shared, you would need to identify and delete requests that contain sensitive data. After that, save a copy of your project file and distribute the copy. If there is no data that you are interested in sharing in your Proxy tab, you can save a copy of your project file and exclude that tool data from your copy. Please let us know if you need any further assistance.

ichossef | Last updated: Nov 30, 2023 04:47PM UTC

Hi Hannah, Burp has already the possibility to delete items from the proxy history, for this I am wondering why this functionality is not exported to an API ? Thanks Regards

Hannah, PortSwigger Agent | Last updated: Dec 01, 2023 02:07PM UTC

Hi Thank you for the further information! As you mention, we do not have this functionality in the Montoya API. Removing items from the Proxy History is a manual process. We have a feature request raised to add this functionality to the Montoya API, to which I have added your +1. We do not have an estimated timeframe for when this work will be completed, but we are monitoring the popularity of this feature request in order to help us prioritize this in the future. If there's anything else we can help with, or any other functionality that you'd like us to raise a feature request for, then please let us know.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.