Burp Suite User Forum

match and replace for the websocket

Alan | Last updated: Jul 19, 2017 02:16PM UTC

Possible to add a match and replace for the websockets? Someone made a plugin for it in the past, but it isn't working anymore.

PortSwigger Agent | Last updated: Jul 19, 2017 03:02PM UTC

Hi Alan, Thanks for getting in touch. We're aware that web sockets support is somewhat limited and we do have a long-term plan to improve this. No-one here remembers a match and replace web sockets extension. Do you have any more details about it? I've linked your request to the web sockets development story; we'll update you when we've made progress.

Burp User | Last updated: Jan 04, 2019 11:44PM UTC

A bit late, but you may have seen this: http://evilwan.be/ Although it seems to require some further coding; quote from the web-page: "The bottom part of the extra tab handles automatic modification of WebSocket messages. For this to work, a custom Java class has to be written that implements interface "evilwan.WSFilter" and the name of that Java class (including package name) has to be specified in the extension configuration tab. A toggle button can be clicked to activate or deactivate automatic modification of WebSocket messages." Alan

Kirill | Last updated: May 15, 2020 06:05AM UTC

Hi! Are there any updates on this feature? Or maybe there is some fresh extension for this purpose?

Michelle, PortSwigger Agent | Last updated: May 15, 2020 11:48AM UTC

There aren't any new extensions in the BApp store relating to this kind of thing. Could you tell us a bit more about how you'd like to see things work so we can make sure we've got your ideas captured properly?

Kirill | Last updated: May 15, 2020 01:41PM UTC

List of settings with params.

WS Url: URL of WS connection
Types: Message to server / Message to client
Operations: Block / Match&Replace / Periodically

---

Block: Match by regexp and drop the message.
Match&Replace: Match by regexp, change the caught message (using regexp substitutions) or create a new one, and forward the message.
Periodically: Send one message at specified intervals (in milliseconds).

"Block" doesn't affect "Match&Replace" and "Periodically" generated messages. "Match&Replace" doesn't affect "Periodically" generated messages. Maybe Up and Down settings can be used for managing the flow.
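
The rule semantics proposed in the post above, as an added Python example that is not Burp's code, not an extension's code and not the poster's. It covers the Block and Match&Replace operations; the `Rule` class, `process` function, rule list and `app.example.test` URL are hypothetical, and it assumes Block rules are evaluated against the original message only.

```python
import re
from dataclasses import dataclass

TO_SERVER, TO_CLIENT = "to_server", "to_client"


@dataclass
class Rule:                 # hypothetical rule record, one per settings row
    url_pattern: str        # regexp matched against the WebSocket URL
    direction: str          # TO_SERVER or TO_CLIENT
    operation: str          # "block" or "replace"
    match: str              # regexp matched against the message text
    replacement: str = ""   # regexp substitution, used by "replace" only

    def applies(self, url, direction):
        return (self.direction == direction
                and re.search(self.url_pattern, url) is not None)


def process(rules, url, direction, message):
    """Return the message to forward, or None if it is dropped."""
    active = [r for r in rules if r.applies(url, direction)]
    # Block rules are checked first and only ever see the original message.
    for r in active:
        if r.operation == "block" and re.search(r.match, message):
            return None
    # Match&Replace rules run in list order; moving a rule up or down
    # in the list changes which substitution is applied first.
    for r in active:
        if r.operation == "replace":
            message = re.sub(r.match, r.replacement, message)
    # The rewritten message is forwarded without re-running Block rules,
    # so a replacement that produces a "blocked" pattern still goes out.
    return message


# Constructed sample rules for a constructed URL
URL = "wss://app.example.test/socket"
RULES = [
    Rule(r"^wss://app\.example\.test/", TO_SERVER, "block",
         r'"type":"telemetry"'),
    Rule(r"^wss://app\.example\.test/", TO_SERVER, "replace",
         r'"client":"(\w+)"', r'"client":"\1-test"'),
    Rule(r"^wss://app\.example\.test/", TO_SERVER, "replace",
         r'"type":"ping"', '"type":"telemetry"'),
]
```
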

Michelle, PortSwigger Agent | Last updated: May 19, 2020 12:23PM UTC

Thanks for sending that over. To make sure I'm understanding things correctly, could you also describe a scenario explaining what your workflow might look like if you had those options available in Burp?

Praveen | Last updated: Aug 07, 2020 10:23AM UTC

Hi, I had a requirement for a similar scenario. The app updates certain sensitive parameters from the browser to the server side using websocket calls. However, tampering with these values is a challenge. Auto match and replace will work well in these scenarios. Thanks.

Michelle, PortSwigger Agent | Last updated: Aug 07, 2020 12:33PM UTC

Could you tell us a bit more about the types of things you are changing and describe an example of the kind of match and replace you would like to do, e.g. would it just be matching and replacing specific characters or would it be something more complex?
