Burp Suite User Forum

Create new post

Analyzing different response page with Intruder & Scanner

Philip | Last updated: Mar 21, 2017 04:42PM UTC

Can Burp do the following scenario: Request Page: www.example.com/account=123 Response Page: www.example.com/account-submitted View Account: www.example.com/viewAccount So I would like Burp intruder to submit the request www.example.com/account=123 but analyze a different page www.example.com/viewAccount rather than the response of www.example.com/account=123. And is it possible to do it for the Scanner. I've looked at Macros in Burp but not sure if its possible. I guess this is like a Second Order SQL scenario but this would be for many issues. Thanks

PortSwigger Agent | Last updated: Mar 22, 2017 11:04AM UTC

Yes, you can do this with a post-request macro. Create a session handling rule that runs a macro to fetch your retrieval URL, and configure the rule to send the macro response back to the invoking tool. Set a suitable scope for the rule to include your Intruder attack. Then run your Intruder attack against the submission request.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.