Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

Macro creation for variables that keeps changing for every request and response.

Karthik | Last updated: Jun 15, 2015 06:07AM UTC

Hello, I am trying to create a macro to login to the website (as a part of session handling rules). The web site is in aspx In the macro editor, under macro items, I have made the entries that will successfully login to the application. There are two requests. First is a GET request and second is POST request. First GET request goes without any parameters First GET response comes with aspx __VIEWSTATE parameter that is a hidden field The second POST request goes with a aspx __VIEWSTATE parameter as a body parameter The second POST response comes with a aspx __VIEWSTATE parameter as a body parameter In the above mentioned 4 request+response combination, the __VIEWSTATE parameter is exchanged, but in all the 3 cases the value is different. so, while creating the macro, under Configure Macro items, how should I create them - as a 'use preset value' or 'derived from previous response' By default, it is set as use preset value and value from the corresponding request is displayed. But since this keeps changing for every request, this option will be invalid If we keep them 'Derived from previous response', still it will be an invalid option, because the parameter changes for every request and corresponding response. Note 1: Even in subsequent resquests and responses, the value of __VIEWSTATE parameter keeps changing and it is never the same. Note 2: In addition to the __VIEWSTATE parameter there are other parameter as well which behaves the same way and the parameter is __EVENTVALIDATION Please advice.

PortSwigger Agent | Last updated: Jun 15, 2015 02:29PM UTC

The value of the __VIEWSTATE hidden form field in response 1 should be the same as the value of the __VIEWSTATE parameter in request 2, because the browser uses the hidden field value in the request that submits the form. Try issuing the sequence of requests and look in the Proxy history to confirm this. Assuming that is the case, you should use the "derive from previous response" option to ensure that the correct __VIEWSTATE value is submitted in request 2 based on the value received in response 1.

Burp User | Last updated: Jun 30, 2015 10:57AM UTC

Hi Dafydd Thanks for the explanation

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.