Match and Replace response content in Intruder
I am working on a web application that generates a random length HTML comment in each response e.g. <!-- This is a random-length HTML comment: oisgvibelyvgbvhoeivghjfsbvlksfhv -->
I have a rule within Proxy / Options / Match and Replace that successfully replaces the random comment with a fixed length string.
However, this rule does not seem to take effect during an Intruder attack. The HTML comment changes the content length of each response during the attack, interfering with content length analysis.
Any idea on how a Match and Replace rule can take effect in Intruder?
As Intruder traffic does not pass through the Proxy, this rule will not be applied. One way to get around this is to use a second instance of Burp as an upstream proxy (applying your match and replace rule to this upstream instance). Then you can carry out the Intruder attack from the first instance of Burp as normal. There is some useful information here to explain how to use Burp as an upstream proxy:
Please let us know if you need any further assistance.
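The effect of the match-and-replace rule on response length, as an added example that is not part of the original thread or of Burp: it rewrites the random comment in a raw response and groups responses by body length before and after. The replacement string and the sample responses are constructed, and it assumes uncompressed, non-chunked bodies.

```python
import re

# Comment format quoted in the question; the random tail is matched lazily.
COMMENT_RE = re.compile(rb"<!-- This is a random-length HTML comment: .*? -->", re.DOTALL)
FIXED = b"<!-- normalized -->"  # assumed fixed-length replacement string


def normalize_response(raw: bytes) -> bytes:
    """Swap the random comment for FIXED and rewrite Content-Length to match."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:  # no header/body boundary found: leave the message untouched
        return raw
    body = COMMENT_RE.sub(FIXED, body)
    lines = [
        b"Content-Length: " + str(len(body)).encode()
        if line.lower().startswith(b"content-length:") else line
        for line in head.split(b"\r\n")
    ]
    return b"\r\n".join(lines) + sep + body


def body_length(raw: bytes) -> int:
    return len(raw.partition(b"\r\n\r\n")[2])


def group_by_length(responses: dict) -> dict:
    """Map body length -> names of responses with that length."""
    groups = {}
    for name, raw in responses.items():
        groups.setdefault(body_length(raw), []).append(name)
    return groups


def make_response(body: bytes) -> bytes:
    """Build a constructed sample response (not captured traffic)."""
    return (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nContent-Length: "
            + str(len(body)).encode() + b"\r\n\r\n" + body)


PREFIX = b"<!-- This is a random-length HTML comment: "
SAMPLES = {  # constructed: a and b share a page body, c is a different page
    "a": make_response(b"<p>No results</p>" + PREFIX + b"oisgvib -->"),
    "b": make_response(b"<p>No results</p>" + PREFIX + b"oisgvibelyvgbvhoeivghjfsbvlksfhv -->"),
    "c": make_response(b"<p>3 results found</p>" + PREFIX + b"qpwoeirutyalskdj -->"),
}

if __name__ == "__main__":
    print("raw:       ", group_by_length(SAMPLES))
    print("normalized:", group_by_length({k: normalize_response(v) for k, v in SAMPLES.items()}))
```

Before normalization every response has its own length; afterwards `a` and `b` collapse into one group and only the genuinely different page `c` stands out.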