Burp Suite User Forum

Deobfuscate Request/Response in logs

Samuel | Last updated: Mar 18, 2021 02:32AM UTC

I recently came across an application that obfuscates its request/response field names. I ended up finding the de-obfuscated names in the source and wanted to translate these names automatically to make testing easier. I was searching for an extension that would allow me to do match/replace only visually in the proxy logs, without affecting the actual request/response between the application and the server, but could not find any. With some extender dev experience I decided to start making one. My only problem is that I don't believe Burp actually provides API functionality that will allow me to change the req/resp that the proxy logs receive without modifying the actual req/resp that gets sent/received by the server, like IProxyListener does. Does anyone know of an API function that would allow me to achieve this, or better yet, an extension that has already been made? I feel like this is a pretty common problem that testers face; I would be surprised if someone hasn't found a solution before.

Michelle, PortSwigger Agent | Last updated: Mar 18, 2021 03:38PM UTC

Although you can't change this in the Proxy History tab, you could possibly make an extra tab that copies details over and modifies them to make it more readable. This might be useful for ideas: https://github.com/PortSwigger/example-custom-editor-tab

Please let us know if you've got any further questions.

Samuel | Last updated: Mar 19, 2021 02:59PM UTC

Ah OK, I like the idea of creating an extra tab. Is there an API exposed to add an extra tab on the 'Message analysis toolbar' on the request panel? Beside the 'Pretty','Raw','\n' tabs?

Samuel | Last updated: Mar 19, 2021 04:44PM UTC

Should have done a bit more research before asking this question. I've found IMessageEditorTab and that should work well for my use case. My only issue seems to be that the "Select extension..." tab that should be visible on the message editor does not appear. Anyone know why?

Samuel | Last updated: Mar 19, 2021 05:00PM UTC

Everything is solved now, thanks.
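
The approach the thread settles on, a read-only IMessageEditorTab that renames fields for display while the proxied bytes stay untouched, sketched as an added example (not code posted by anyone in this thread) for Burp's legacy Extender API under Jython. The `FIELD_NAMES` mapping, the "Deobfuscated" caption and the assumption that message bodies are JSON are constructed for illustration.

```python
import json
try:  # Burp's legacy Extender API, importable only inside Burp (Jython)
    from burp import IBurpExtender, IMessageEditorTabFactory, IMessageEditorTab
except ImportError:  # outside Burp: stand-in bases so deobfuscate() runs alone
    IBurpExtender, IMessageEditorTabFactory, IMessageEditorTab = (
        type(n, (object,), {}) for n in ("E", "F", "T"))

# Constructed mapping: obfuscated field name -> name recovered from the source
FIELD_NAMES = {"a1": "username", "b7": "session_token", "q": "account_id"}

def deobfuscate(body, names=FIELD_NAMES):
    """Return a display-only copy of a JSON body with known keys renamed."""
    def rename(node):
        if isinstance(node, dict):
            return {names.get(k, k): rename(v) for k, v in node.items()}
        return [rename(v) for v in node] if isinstance(node, list) else node
    try:
        return json.dumps(rename(json.loads(body)), indent=2)
    except ValueError:
        return body  # not JSON: show it unchanged

class BurpExtender(IBurpExtender, IMessageEditorTabFactory):
    def registerExtenderCallbacks(self, callbacks):
        self._callbacks = callbacks
        callbacks.setExtensionName("Field name deobfuscator")
        callbacks.registerMessageEditorTabFactory(self)
    def createNewInstance(self, controller, editable):
        return DeobfuscatedTab(self._callbacks)

class DeobfuscatedTab(IMessageEditorTab):
    def __init__(self, callbacks):
        self._helpers = callbacks.getHelpers()
        self._editor = callbacks.createTextEditor()
        self._editor.setEditable(False)  # view only, nothing to write back
        self._raw = None
    def getTabCaption(self): return "Deobfuscated"
    def getUiComponent(self): return self._editor.getComponent()
    def isEnabled(self, content, isRequest): return content is not None
    def isModified(self): return False
    def getMessage(self): return self._raw  # original bytes, never the renamed copy
    def getSelectedData(self): return self._editor.getSelectedText()
    def setMessage(self, content, isRequest):
        self._raw, h = content, self._helpers
        if content is None:
            return self._editor.setText(None)
        info = h.analyzeRequest(content) if isRequest else h.analyzeResponse(content)
        off = info.getBodyOffset()  # headers before this offset are shown as-is
        self._editor.setText(h.stringToBytes(h.bytesToString(content[:off])
                                             + deobfuscate(h.bytesToString(content[off:]))))
```

Because `isModified()` always returns False and `getMessage()` hands back the bytes it was given, the renamed text exists only in the tab and the request and response on the wire are unchanged.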