Burp Suite User Forum

Login to post

Macro - Define custom parameter

William | Last updated: Aug 17, 2020 04:33PM UTC

Hi, Today for the first time I needed to use the macro feature in Burp. Together with a college we’ve puzzelt a bit while we were reading an access_token from a oAuth POST response that we needed to be added into a Bearer-header on a random next API call. While struggling we noticed that the Macro Define Custom Parameter screen isn’t as forthcoming as we would expect. When defining a custom parameter, there isn’t a way to see if it was defined correctly using any of the interfaces following that screen. Hitting test won’t show the parameters that have been filled, and the table in the macro screen doesn’t show those custom parameters. Also, when using the repeater, it seems to be “a bit hidden” that a parameter has been replaced with a macro value. My request: (1) add a way to see if parameters were successfully created in test and (2) use some form of visual hint in the repeater that the request has been changed by a macro.

Hannah, PortSwigger Agent | Last updated: Aug 19, 2020 09:16AM UTC

Hi Did you try using the sessions tracer to see how your session handling rule/macro was being handled? I can make a feature request to make it more obvious when a request has been edited by a session handling rule. However, we have a large backlog of feature requests at the moment, so I cannot provide an ETA for when this functionality will be implemented.

You need to Log in to post a reply. Or register here, for free.