Burp Suite User Forum

Can I change the domain name or IP address in stored state?

Pauline | Last updated: Feb 11, 2015 09:57PM UTC

Hello? I would like to scan actively in domain name B using stored burp state when I scanned passively with domain name A. B would run the same service that A have run. Is this possible? If then, could you let me know how to do it? Thank you.

PortSwigger Agent | Last updated: Feb 12, 2015 09:12AM UTC

There are a few ways that you could achieve this: 1. If the application in the new location tolerates you sending the old Host header (usually the case when the server isn't hosting multiple domains), then you can add an entry at Options / Connections / Hostname Resolution to point the old domain name at the IP address of the new one. 2. You could write a short extension like this one (http://blog.portswigger.net/2012/12/sample-burp-suite-extension-traffic.html) to use the API to change the host of outgoing requests. You could also use the API to update the requests with a different Host header, if necessary. 3. You could chain a second instance of Burp as an upstream proxy from the first. In the second instance, you could configure host redirection at Proxy / Options / Proxy Listeners / Edit / Request Handling. You could also configure a rule at Proxy / Options / Match and Replace to rewrite the Host header, if necessary.

You need to Log in to post a reply. Or register here, for free.