Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Making a request after every Scanner response, depending on the response contents.

Adrian | Last updated: Feb 02, 2017 01:32AM UTC

I'm not sure whether this is possible via a mixture of macros / an extension, but here's my problem. I'm trying to scan a request that creates an entry in a database, and the request includes the name of the new entry. The problem is, when running the request through the scanner, it will use the same name each time, and after the first request will result in an error message like "an entry with this name already exists". The solution I'm trying to create is this: 1) After each Scanner request returns a response, check the response and extract the ID of the newly created entry. 2) Send a subsequent request that deletes the entry with the extracted ID. 3) Move on to the next Scanner request. I thought I could do it with session handling rules, but apparently the option to invoke a Burp extension only works prior to the request being sent. Is there any way of doing this with Scanner request / responses? I realize I could use the IHttpListener but I believe that runs concurrently with the Scanner, and I need the request to delete the entry to run after each Scanner request and before the next one starts.

PortSwigger Agent | Last updated: Feb 02, 2017 12:05PM UTC