Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

How do I change a http header value for active scan with stored state file?

Pauline | Last updated: May 06, 2015 03:26PM UTC

Hi, One of applications I am testing is using authorization header for authentication. I stored the state and want to use it for active-scan next time. Would you advise me how to change the authorization header value in stored request messages? Thank you in advance.

PortSwigger Agent | Last updated: May 07, 2015 02:49PM UTC

There isn't currently a trivial way to do this in Burp's native functionality. We have a pending feature request to support automatic modification/addition of HTTP headers via session handling rules (similar to the way they work for parameters), which would work nicely for this task. In the meantime, I can think of two workarounds: 1. Chain a second instance of Burp as upstream proxy from the first, and configure Proxy match/replace rules to add/rewrite the header. 2. Write a quick extension to register an IHttpListener, and modify each outgoing request as required.

Burp User | Last updated: May 13, 2015 04:04PM UTC

Can you advise as to the 2nd workaround? I want to know how I can modify the header value and build the request with it again. Thanks!

Burp User | Last updated: May 13, 2015 08:02PM UTC

Please don't mind the previous request. I successfully made the extension. Thanks.

PortSwigger Agent | Last updated: May 14, 2015 07:57AM UTC

Hi Peter, Unfortunately, no progress so far. However, you can use the Custom Parameter Handler extension in the BApp Store.

Burp User | Last updated: Dec 18, 2017 10:31PM UTC

Any progress on including this in the session handling rules? It was the first place where I looked for it and was surpised not finding it...

Burp User | Last updated: Feb 20, 2018 01:36AM UTC