Name is required.
Email address is required.
Invalid email address
Answer is required.
Exceeding max length of 5KB

Match and Replace response content in Intruder

Al May 13, 2019 05:22AM UTC

I am working on a web application that generates a random length HTML comment in each response e.g. <!-- This is a random-length HTML comment: oisgvibelyvgbvhoeivghjfsbvlksfhv -->

I have a rule within
Proxy / Options / Match and Replace
that successfully replaces the random comment with a fixed length string.

However, this rule does not seem to take effect during an Intruder attack. The HTML comment changes the content length of each response during the attack, interfering with content length analysis.

Any idea on how a Match and Replace rule can take effect in Intruder?

Rose Krawczuk May 13, 2019 01:24PM UTC Support Center agent

As Intruder traffic does not pass through the Proxy, this rule will not be applied. One way to get around this is to use a second instance of Burp as an upstream proxy (applying your match and replace rule to this upstream instance). Then you can carry out the Intruder attack from the first instance of Burp as normal. There is some useful information here to explain how to use Burp as an upstream proxy:

Please let us know if you need any further assistance.

Post Your public answer

Your name
Your email address