Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

Macros with Dynamic URL

Michael | Last updated: Aug 01, 2018 01:46AM UTC

How can this be done with BURP? I can get the macro working if the URLs are always the same but I'm stuck now that my POST requires a dynamic URL. Trying to do this with Macro/Extension: GET - www.domain.com where a POST form with username and password inputs contains a generated URL. POST - pass username and password to the POST form to the generated URL.

PortSwigger Agent | Last updated: Aug 01, 2018 08:55AM UTC

This isn't supported in core Burp. I have written an extension for you that should allow you to do this: - https://github.com/pajswigger/dynamic-url-macro Please let me know how you get on with this.

Burp User | Last updated: Aug 14, 2018 01:15AM UTC

Hi Paul, Sorry for the delay. Thanks for writing up an extension. I follow the instructions exactly where I created a macro containing one GET and one POST. I created a rule in session handling to invoke the extension for the Macro with one get and one post. I used the session tracker and saw the macro was triggered, but the rule to invoke the extender doesn't seem to be able to extract the action path from the form because in the POST it is still using the recorded path.

PortSwigger Agent | Last updated: Aug 15, 2018 12:31PM UTC

Hi Michael, Thanks for following up. The extension is designed for the case where the macro just has a GET and the POST is the current request. If you need the GET and POST in the macro then unfortunately it can't do that. I think you could write an extension that used the IHttpListener interface to do that.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.