Burp Suite User Forum


Manipulate Header Request Parameter in Extension

Jan | Last updated: Mar 27, 2017 04:09PM UTC

Hi, I want to build up an automatic test system for a JSON API. My plan is as follows: Initially I get a fresh login token. Then I get into the proxy (processProxyMessage) and replace the token with my freshly acquired login token. My problem is that I cannot update the content of my request. The token just doesn't change. Pseudocode:

    public void processProxyMessage(boolean messageIsRequest, IInterceptedProxyMessage message) {
        IRequestInfo request = helpers.analyzeRequest(message.getMessageInfo());
        String user_1_Token = getNewLoginToken(message);
        List<String> headers = request.getHeaders();
        String previous_auth_header = null;
        // Find the existing auth header in the parsed header list
        for (String header : headers) {
            if (header.startsWith("Auth")) {
                previous_auth_header = header;
            }
        }
        // Swap it for the new token (only the local list is changed here)
        headers.remove(previous_auth_header);
        headers.add("Authorization: Bearer " + user_1_Token);
    }

Maybe the manipulation of the array does not really affect the forwarded request, but I don't know how to do it correctly. Any ideas?

PortSwigger Agent | Last updated: Mar 28, 2017 10:30AM UTC

It looks like you are simply getting the request headers as a list of strings, and then manipulating that list. This won't automatically rebuild the original request. There is a helper method in IExtensionHelpers to build a request from headers and body. When you have rebuilt the request you'll need to call into IInterceptedProxyMessage to update the actual request. Note that you'll also need to check the messageIsRequest parameter, as you can't update the request when the response message is being processed, as the request has already been issued.
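The steps described in the reply above, as an added example that is not part of the original thread and not PortSwigger's own code. It uses the legacy Extender API (`buildHttpMessage`, `setRequest`, `isInScope`); the `currentToken` field is a hypothetical placeholder for however the token is obtained, and restricting the rewrite to in-scope requests that already carry an Authorization header is an assumption made here so the test token is never sent to other hosts.

```java
package burp;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

public class BurpExtender implements IBurpExtender, IProxyListener {
    private static final String AUTH_PREFIX = "Authorization:";
    private IBurpExtenderCallbacks callbacks;
    private IExtensionHelpers helpers;
    // Hypothetical placeholder: set this from your own login routine.
    private volatile String currentToken = "REPLACE_WITH_FRESH_TOKEN";

    @Override
    public void registerExtenderCallbacks(IBurpExtenderCallbacks callbacks) {
        this.callbacks = callbacks;
        this.helpers = callbacks.getHelpers();
        callbacks.setExtensionName("Authorization header rewriter");
        callbacks.registerProxyListener(this);
    }

    @Override
    public void processProxyMessage(boolean messageIsRequest, IInterceptedProxyMessage message) {
        // On the response pass the request has already been issued.
        if (!messageIsRequest) return;

        IHttpRequestResponse messageInfo = message.getMessageInfo();
        byte[] original = messageInfo.getRequest();
        IRequestInfo info = helpers.analyzeRequest(messageInfo);

        // Assumption: only touch targets in Burp's scope.
        if (!callbacks.isInScope(info.getUrl())) return;

        // Work on a copy; editing this list alone changes nothing on the wire.
        List<String> headers = new ArrayList<>(info.getHeaders());
        boolean hadAuth = headers.removeIf(
                h -> h.regionMatches(true, 0, AUTH_PREFIX, 0, AUTH_PREFIX.length()));
        if (!hadAuth) return; // assumption: leave unauthenticated requests alone
        headers.add("Authorization: Bearer " + currentToken);

        // Rebuild the raw request from headers + body, then write it back
        // to the intercepted message so the modified bytes are forwarded.
        byte[] body = Arrays.copyOfRange(original, info.getBodyOffset(), original.length);
        messageInfo.setRequest(helpers.buildHttpMessage(headers, body));
    }
}
```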
