Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

Making a request after every Scanner response, depending on the response contents.

Adrian | Last updated: Feb 02, 2017 01:32AM UTC

I'm not sure whether this is possible via a mixture of macros / an extension, but here's my problem. I'm trying to scan a request that creates an entry in a database, and the request includes the name of the new entry. The problem is, when running the request through the scanner, it will use the same name each time, and after the first request will result in an error message like "an entry with this name already exists". The solution I'm trying to create is this: 1) After each Scanner request returns a response, check the response and extract the ID of the newly created entry. 2) Send a subsequent request that deletes the entry with the extracted ID. 3) Move on to the next Scanner request. I thought I could do it with session handling rules, but apparently the option to invoke a Burp extension only works prior to the request being sent. Is there any way of doing this with Scanner request / responses? I realize I could use the IHttpListener but I believe that runs concurrently with the Scanner, and I need the request to delete the entry to run after each Scanner request and before the next one starts.

PortSwigger Agent | Last updated: Feb 02, 2017 12:05PM UTC

You could do this with an IHttpListener. Monitor for responses received by the Scanner tool (for the relevant request URL, if necessary). When you observe a response containing an ID, issue another request to delete the item with that ID. Burp has already received the first response, and you can safely issue the second request in the same thread. A possible alternative would be to use a session handling rule that applies to Scanner requests made containing the relevant parameter for the name of the new entry. Your extension can register a custom session handling action that is invoked by the session rule, and which simply updates the relevant parameter with a random value.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.