Burp Suite User Forum

Login to post

Intruder redirect from 201 response

Russell | Last updated: Sep 02, 2022 03:36AM UTC

As the title said, it would be great if intruder allows this to happen. We've come across this scenario of bruteforcing things and the response we wanted was on the following page after the 201 response.

Hannah, PortSwigger Agent | Last updated: Sep 02, 2022 03:27PM UTC

It may be possible to use the Extender API to create a workaround for this behavior. You could try rewriting the response from a 201 to a 301/302 response and then set Intruder to automatically follow redirects (as per normal). You can find a simple extension that demonstrates modifying a response here: https://github.com/Hannah-PortSwigger/ModifyResponse/blob/main/modifyResponse.py You would want to only target Intruder items that have a 201 response. You can find our documentation on the Extender API, and other example extensions here: https://portswigger.net/burp/extender

You need to Log in to post a reply. Or register here, for free.