Burp Suite User Forum


Multiple Headers

Holger | Last updated: Apr 20, 2021 07:24AM UTC

Hi, for a bug bounty program, I need to add two X-Headers to all requests. The available extension seems to allow only one custom header to be added. How can I add multiple headers? Thanks and Regards Holger

Uthman, PortSwigger Agent | Last updated: Apr 20, 2021 08:14AM UTC

Hi Holger, Have you considered using the Match and Replace rules under Proxy > Options?

Uthman, PortSwigger Agent | Last updated: Apr 20, 2021 02:12PM UTC

Hi Holger, If you want to implement this as a session handling rule, you can use the Python code below:

```python
from burp import IBurpExtender
from burp import ISessionHandlingAction
from burp import IParameter


class BurpExtender(IBurpExtender, ISessionHandlingAction):

    def registerExtenderCallbacks(self, callbacks):
        self._callbacks = callbacks
        self._helpers = callbacks.getHelpers()
        callbacks.setExtensionName("Insert Custom HTTP Header")
        # Register this class so it can be selected in a session handling rule
        callbacks.registerSessionHandlingAction(self)
        return

    def getActionName(self):
        return "Insert Custom HTTP Header"

    def performAction(self, currentRequest, macroItems):
        requestInfo = self._helpers.analyzeRequest(currentRequest)
        headers = requestInfo.getHeaders()
        # Keep the original request body unchanged
        msgBody = currentRequest.getRequest()[requestInfo.getBodyOffset():]
        # Headers to add to every request the rule applies to
        headers.add('Test: 22')
        headers.add('Test: 123')
        message = self._helpers.buildHttpMessage(headers, msgBody)
        # Write the rebuilt request to the extension's output
        print(self._helpers.bytesToString(message))
        currentRequest.setRequest(message)
        return
```

Adapted from https://forum.portswigger.net/thread/registersessionhandlingaction-throwing-errors-8f1ba1f6 so credit to that user!

You just need to add the source code into a .py file, load it into the Extender > Extensions tab, and then create a new session handling rule in Project options > Sessions. You will need to set the rule action to 'Invoke a Burp extension'. Please change the scope of the session handling rule as appropriate and ensure the headers reflect what you want to add to each request.
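An added example, not part of the thread or of the code posted above: a plain-Python helper that a `performAction` implementation could call to merge several custom headers into the header list, so that a header already present is replaced rather than duplicated and values containing CR/LF are rejected. The header names and values in `CUSTOM_HEADERS` are placeholders, and the helper assumes the headers are passed as a Python list of strings whose first element is the request line.

```python
# Added example: idempotent merge of several custom headers.
# CUSTOM_HEADERS holds placeholder names and values; replace them with the
# headers the program you are testing asks for.
CUSTOM_HEADERS = [
    ("X-Bug-Bounty", "researcher-handle"),    # placeholder
    ("X-Request-Purpose", "security-test"),   # placeholder
]


def merge_headers(headers, custom):
    """Return a new header list with each custom header present exactly once.

    headers: list of strings; element 0 is the request line
             (assumption: the list from getHeaders() converted with list()).
    custom:  list of (name, value) tuples.
    """
    for name, value in custom:
        # Reject empty names, names containing ':' and any CR/LF, which
        # would split the header block when the request is rebuilt.
        if not name or ":" in name or any(c in name + value for c in "\r\n"):
            raise ValueError("invalid header: %r" % (name,))

    wanted = set(name.lower() for name, _ in custom)
    merged = [headers[0]]                      # keep the request line as-is
    for line in headers[1:]:
        field = line.split(":", 1)[0].strip().lower()
        if field not in wanted:                # drop stale copies (case-insensitive)
            merged.append(line)
    merged.extend("%s: %s" % (n, v) for n, v in custom)
    return merged


if __name__ == "__main__":
    # Constructed sample request headers
    sample = ["GET / HTTP/1.1", "Host: example.com", "x-bug-bounty: old-value"]
    for line in merge_headers(sample, CUSTOM_HEADERS):
        print(line)
```

Inside the extension, the two `headers.add(...)` calls would be replaced by `headers = merge_headers(list(headers), CUSTOM_HEADERS)` before the call to `buildHttpMessage`.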
