Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

New Post View All

Feature Requests

New Post View All

Burp Extensions

New Post View All

Bug Reports

New Post View All
Documentation

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Full Documentation Contents Burp Projects
Suite Functions Burp Tools
Options Using Burp Suite
Extensibility

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

API documentation Writing your first Burp Suite extension
Sample extensions View community discussions about Extensibility
Name is required.
Email address is required.
Invalid email address
Answer is required.
Exceeding max length of 5KB

Handle IInterceptedProxyMessage BEFORE it's sent to the server?

Joe Schmedly Jan 22, 2019 11:46PM UTC

This is my first attempt at writing an extension. I would like to intercept certain requests, inspect them, and handle SOME of them BEFORE they are sent to the remote server. In other words, for certain requests, I would like to handle the response entirely in my own code, and have my browser think that the response came from the remote server.

I have modified some of the Python example extensions I found in the docs, and so far I have it intercepting proxy responses/requests fine. However I am having trouble when I go to write a response of my own (rather than forwarding the request on to the remote server). I have attempted using the following to write a response to the intercepted request: message.getMessageInfo().setResponse(b'TEST')

(Note that I am using Python.) When I attempt this, I get an error message that states "java.lang.UnsupportedOperationException: Request has not yet been issued".

... which is exactly what I am trying to do - handle the request before it has been issued. Is that possible?


Joe Schmedly Jan 22, 2019 11:55PM UTC
(note that I should have added: I am using IProxyListener, if that makes any difference)

Paul Johnston Jan 23, 2019 10:17AM UTC Support Center agent

The API doesn’t directly support this, but there is a workaround. What you can do is run a local HTTP server, and rewrite the incoming message so it’s sent to this local server, not the original target.

The HTTP Mock extension does this:

- https://github.com/PortSwigger/http-mock/

It is on our development plan to provide a more direct way of doing this.


Joe Schmedly Jan 23, 2019 04:11PM UTC
Thanks for the reply! I've looked at HTTP Mock, but it doesn't quite do what I need. I'll look into running my own HTTP server though, that looks useful!

Looking forward to seeing API support for this some day. :-)

Post Your public answer

Your name
Your email address
Answer