Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

how can I change the response to endpoint with extensions API.

JTSon | Last updated: Mar 14, 2019 02:28AM UTC

This as data flows as far as I know. [Request] Endpoint(such as browser) > burp > processProxyMessage with messageIsRequest==true > processHttpMessage with messageIsRequest==true > TargetServer [Response] TargetServer > burp > processHttpMessage with messageIsRequest==false > processProxyMessage with messageIsRequest==false > Endpoint It's not working like I expected. here is what I expected. [Response] TargetServer > burp > processHttpMessage with messageIsRequest==false > [burp proxy tab intercepting] > processProxyMessage with messageIsRequest==false > Endpoint but It work like that. [Response] TargetServer > burp > processHttpMessage with messageIsRequest==false > processProxyMessage with messageIsRequest==false > [burp proxy tab intercepting] >Endpoint how can i make like what I expected? Thanks.

PortSwigger Agent | Last updated: Mar 14, 2019 11:22AM UTC

Thanks for contacting us regarding this. Yes, the message hits processProxyMessage before the intercept tab is activated, because processProxyMessage can decide whether it should be intercepted. Please let us know if you need any further assistance.

Burp User | Last updated: Mar 17, 2019 11:10AM UTC

Thanks for the response. but I meant how to handle the message after intercepting. The response payload what I want to tamper is encrypted. Therefore, To tamper response message, I have to decrypt first and tmmpering in burp [Proxy tab] and It must be encrypted again. but I can't handle after the response was captured in Extentions APIs. are there any data flow or life cycle about Extentions APIs? or let me know how to handle this. Thanks

PortSwigger Agent | Last updated: Mar 18, 2019 08:31AM UTC

Ok, one approach to handle this is decrypt the response in IMessageEditorTab and encrypt when regenerating message. This extension does similar: - https://github.com/PortSwigger/decompressor Another apporach - which I think you've tried - is to decrypt the response in IHttpListener, and encrypt in IProxyListener. This extension does similar: - https://github.com/PortSwigger/fast-infoset-tester There's lots of documentationw about the API and examples, but there isn't any more documentation on the precise lifecycle of the listeners. If you have specific questions, let us know.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.