Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Intruder / Macro question

bb | Last updated: Oct 07, 2015 11:23AM UTC

Hi, I'm trying to get a macro working with intruder. The sequence I am trying to repeat is : POST XML data to server1/service.svc Receive a token from server one (in the response it can be found between <token> and </token> Send that token to a different server - in this instance GET server2/page.aspx?token=[value extracted from response from server1] After googling and reading the forums, my understanding is that if I perform these actions in the browser, I can go to Options -> Sessions -> Macro and add a macro. From there I can select the steps that I followed and add them into the macro editor. Within the macro editor I configure the items that I want. So I select the POST request, Configure that item, define a Custom Parameter response - From [<token>] to [</token] and provide it a name for use later on (for example NewToken) I then configure the GET request and in parameter handling I should be able to pass the value NewToken to the token parameter. I am experiencing several issues. Firstly, when trying to configure the GET request, I have no option to use the NewToken variable, I only have the option to use a preset value or Derive from prior response. However the Derive from prior response only gives me a dropdown of Response 1. When testing the macro, Response 1 does not appear to be populating with anything. As a result I am unable to pass the token. I am using Burp Po 1.6.28 Many thanks in advance for any assistance you can offer.

PortSwigger Agent | Last updated: Oct 07, 2015 02:21PM UTC

It sounds like you might need to give the correct name to the configured custom parameter. If this parameter is called "token" in the later maco request, then you should give the custom parameter this name when it appears in the earlier macro response. Burp should then be able to match these and update the value in the later request.

BarakH | Last updated: Aug 10, 2021 04:03PM UTC

should i use any special syntax?

Ben, PortSwigger Agent | Last updated: Aug 11, 2021 08:25AM UTC