You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
Rasmus Moorats d2c2256ca5
ci/woodpecker/push/woodpecker Pipeline was successful Details
bump Montoya API
4 weeks ago
gradle/wrapper include gradle wrapper jar 2 months ago
src/main bump Montoya API 4 weeks ago
transformer-bundle@9638490412 bump transformer-bundle 2 months ago
.gitignore include gradle wrapper jar 2 months ago
.gitmodules update transformer-bundle submodule url 2 months ago
.woodpecker.yml better CI artifact path 2 months ago
README.md use re2 as the regex engine 2 months ago
build.gradle.kts bump Montoya API 4 weeks ago
gradle.properties initial commit 3 months ago
gradlew initial commit 3 months ago
gradlew.bat initial commit 3 months ago
settings.gradle.kts initial commit 3 months ago

README.md

Burp Value Autoupdater

Description

Simple Burp Suite plugin which stores values from incoming requests.

The values to watch for can be defined using regex or simply header names.

Values which have been stored can be used in outgoing requests using $placeholders$.

Usage

As an example, let's say we want to keep track of a CSRF token, sent to us as the cookie csrf.

We set up a regex to watch for the value like so:

Regex UI

We receive a response to a request (via any enabled tool) that contains a new CSRF value:

HTTP/1.1 200 OK
Set-Cookie: csrf=the_csrf_token

The stored value gets updated with the token we received in the response:

Table view

We can then use the $placeholder$ in a request, which will automatically fill in the stored value:

GET / HTTP/1.1
Host: nns.ee
Cookie: csrf=$csrf$; session=123

Regex matching (and placing values) works in any part of the request, not just the headers.

The regex matcher uses the re2 syntax.

Installation

Currently, no .jar files are provided. Once I feel this project is polished enough to publish releases for, I will probably upload this to the Burp App store.

You can, however, build the .jar yourself if you so desire.

Once you have a .jar, in Burp Suite, go to Extender -> Add and load the file as a Java extension.

Building

Building is done via Gradle. To build a .jar with all dependencies included, do:

./gradlew shadowJar

The .jar file can then be found in build/libs/ (look for the version tagged -all).