Name is required.
Email address is required.
Invalid email address
Answer is required.
Exceeding max length of 5KB

Can I change the domain name or IP address in stored state?

Pauline Feb 11, 2015 09:57PM UTC

Hello?

I would like to scan actively in domain name B using stored burp state when I scanned passively with domain name A.

B would run the same service that A have run.

Is this possible? If then, could you let me know how to do it?

Thank you.




Dafydd Stuttard Feb 12, 2015 09:17AM UTC Support Center agent

There are a few ways that you could achieve this:

1. If the application in the new location tolerates you sending the old Host header (usually the case when the server isn’t hosting multiple domains), then you can add an entry at Options / Connections / Hostname Resolution to point the old domain name at the IP address of the new one.

2. You could write a short extension like this one (http://blog.portswigger.net/2012/12/sample-burp-suite-extension-traffic.html) to use the API to change the host of outgoing requests. You could also use the API to update the requests with a different Host header, if necessary.

3. You could chain a second instance of Burp as an upstream proxy from the first. In the second instance, you could configure host redirection at Proxy / Options / Proxy Listeners / Edit / Request Handling. You could also configure a rule at Proxy / Options / Match and Replace to rewrite the Host header, if necessary.


Post Your public answer

Your name
Your email address
Answer