Burp Suite User Forum

bypass business validation

muneer | Last updated: Jan 06, 2019 02:43PM UTC

In Chrome there is an addon that can send a lot of requests at the same time. Is there any way to do that in Burp? The purpose is to bypass business validation. For example, the app must not allow registering more than one user with the same ID, but as there is no restriction at the DB level and the validation is only at the app level, the app is going to accept more than one user (request) with the same ID. So again, how can I test this scenario in Burp, please?

PortSwigger Agent | Last updated: Jan 07, 2019 08:16AM UTC

What's the Chrome addon? It sounds interesting. Intruder is the Burp tool for sending repeated requests. You could use Intruder to test for this, although you'd need to set up each test manually. There are a number of extensions for testing authorization: Autorize, Auth Matrix, Multi Session Replay. There is also the compare site maps feature within Burp.

Burp User | Last updated: Jan 07, 2019 09:37AM UTC

Sorry, it is not an add-on; it is just using Emulate network connectivity in Chrome to stop all requests and send all of them at one time.

PortSwigger Agent | Last updated: Jan 07, 2019 09:57AM UTC

Understood. You can do similar within Burp by turning on Intercept.

Burp User | Last updated: Jan 08, 2019 05:31AM UTC

Thanks, I did turn on the intercept, then used "Request in browser" to send the request again and again, then turned off the intercept.
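
The condition described in the question (uniqueness validated only in the application, with no restriction at the database level), as an added example that is not part of the thread or any PortSwigger code: a constructed in-memory SQLite table and request handler show the check-then-insert gap and how a UNIQUE constraint closes it. The table name, column name and ID value are assumptions, and a barrier stands in for requests that arrive at the same instant.

```python
import sqlite3
import threading

def register_concurrently(unique_at_db, workers=5, user_id="ID-1001"):
    """Run `workers` simultaneous registrations for one ID; return rows stored."""
    # Constructed schema: "users" / "national_id" are illustrative names only.
    db = sqlite3.connect(":memory:", check_same_thread=False, isolation_level=None)
    constraint = "UNIQUE" if unique_at_db else ""
    db.execute(f"CREATE TABLE users (national_id TEXT {constraint})")
    lock = threading.Lock()               # serialises use of the shared connection
    checked = threading.Barrier(workers)  # every check completes before any insert

    def handler():
        # Application-level validation: is this ID already registered?
        with lock:
            taken = db.execute(
                "SELECT 1 FROM users WHERE national_id = ?", (user_id,)
            ).fetchone()
        checked.wait()  # models all requests passing validation together
        if taken:
            return
        try:
            with lock:
                db.execute("INSERT INTO users VALUES (?)", (user_id,))
        except sqlite3.IntegrityError:
            pass  # database rejected the duplicate; the app would return an error

    threads = [threading.Thread(target=handler) for _ in range(workers)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    count = db.execute("SELECT COUNT(*) FROM users").fetchone()[0]
    db.close()
    return count

if __name__ == "__main__":
    print("app-level check only :", register_concurrently(False), "rows")
    print("UNIQUE at DB level   :", register_concurrently(True), "rows")
```

With validation only in the application, every request passes the check before any row exists, so all of them are stored; with the constraint, the database accepts exactly one.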
