Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Parameter handling

kollegmailer | Last updated: Mar 29, 2020 08:28PM UTC

Hello there How are you? Would you be so kind to nudge me in the right direction; how can I make use of this feature: Quote: from https://portswigger.net/burp/documentation/desktop/options/sessions/macro-editor ==Parameter handling== For each parameter in the request, you can configure whether it should be assigned a fixed preset value, or a value derived from a previous response in the macro. The ability to derive a request parameter's value from a previous response in the macro is particularly useful...... ---End Quote--- Burp Suite recognizes correctly the cookie and all the parameters in my request. There is a drop down menu for each parameter in the 'Configure Macro Item' window but have only one choice: preset value. How can I make 'value derived from previous responses in the macro' selectable? Or maybe something else relevant for my purpose? - I wish to replay the token in the body which is already harvested and processed correctly in the header for the next issue of the request. Could be something similar to Intruder's Payload type: Copy other payload. I am using Burp Suite 2020.1 Community Thank you in advance and have a nice day kolleg

Liam, PortSwigger Agent | Last updated: Mar 30, 2020 09:00AM UTC

Have you checked out these blogs demonstrating Burp's macro feature? - https://www.cyberis.co.uk/burp_macros.html - https://www.blackhillsinfosec.com/using-simple-burp-macros-to-automate-testing/ - https://digi.ninja/blog/burp_macros.php

kollegmailer | Last updated: Mar 31, 2020 10:01AM UTC

Hi Thank you for your reply. The blog posts you mention are all first page search engine results. Naturally I have checked these out long before I hit the keys myself. Including 2nd, 3rd, ... pages from different engines. As far as these tutorials go everything works along. I was able to set up sound 'run macro'-rules aswel as 'run post-request macro'-rules. However all only update the cookie parameter in the header. NOT the identical parameter in the body of the same request. One more thing that I actually managed to figure out after submitting my post here is that it is well possible to select multiple requests in 'Macro Recorder' by Ctrl-clicking!! This also makes the drop-down available and the 'Derive from prior response' option. Still this only effects the header parameter so far... No solution yet on how to update the parameter in the html body along with the header. In 'Intruder' by contrast I was able to update the body parameter along with the header parameter by selecting 'Copy other payload' option. My goal is to trigger this same behaviour in 'Proxy' tab. I'd appreciate any further hint. Thank you kolleg

Liam, PortSwigger Agent | Last updated: Mar 31, 2020 03:20PM UTC

Apologies, I thought the first blog post had the appropriate information. I'll get back to you with some more appropriate resources.

kollegmailer | Last updated: Apr 01, 2020 12:26PM UTC

kk, problem solved! naming in the 'Define Custom Parameter' window is critical! I do not even need to 'Derive from previous response' for my purpose. only one Custom Parameter is needed to update the body line "token=ABC&function=123&Username=BLAHBLA&Password=BLUBB" the header part "Cookie: sessionToken=ABC" is handled by cookie jar and does not need a 'Custom Parameter'. alrighty! Thank you Goodbye

Liam, PortSwigger Agent | Last updated: Apr 02, 2020 09:26AM UTC