Burp Suite User Forum

Login to post

Handle IInterceptedProxyMessage BEFORE it's sent to the server?

Joe | Last updated: Jan 22, 2019 11:46PM UTC

This is my first attempt at writing an extension. I would like to intercept certain requests, inspect them, and handle SOME of them BEFORE they are sent to the remote server. In other words, for certain requests, I would like to handle the response entirely in my own code, and have my browser think that the response came from the remote server. I have modified some of the Python example extensions I found in the docs, and so far I have it intercepting proxy responses/requests fine. However I am having trouble when I go to write a response of my own (rather than forwarding the request on to the remote server). I have attempted using the following to write a response to the intercepted request: message.getMessageInfo().setResponse(b'TEST') (Note that I am using Python.) When I attempt this, I get an error message that states "java.lang.UnsupportedOperationException: Request has not yet been issued". ... which is exactly what I am trying to do - handle the request before it has been issued. Is that possible?

Burp User | Last updated: Jan 22, 2019 11:55PM UTC

(note that I should have added: I am using IProxyListener, if that makes any difference)

PortSwigger Agent | Last updated: Jan 23, 2019 10:13AM UTC

The API doesn't directly support this, but there is a workaround. What you can do is run a local HTTP server, and rewrite the incoming message so it's sent to this local server, not the original target. The HTTP Mock extension does this: - https://github.com/PortSwigger/http-mock/ It is on our development plan to provide a more direct way of doing this.

Burp User | Last updated: Jan 23, 2019 04:11PM UTC

Thanks for the reply! I've looked at HTTP Mock, but it doesn't quite do what I need. I'll look into running my own HTTP server though, that looks useful! Looking forward to seeing API support for this some day. :-)

You need to Log in to post a reply. Or register here, for free.