Name is required.
Email address is required.
Invalid email address
Answer is required.
Exceeding max length of 5KB

Request interception

eax Jul 05, 2019 01:11PM UTC

Hi there,

I'm aware that if you register a IHttpListener you are able to intercept requests before they are sent out. Is it also possible to intercept a request prior to assigning it a tool, for example, the scanner?

The purpose is to exclude certain parameters from the initial request, send the result of that to the scanner and as soon the scanner is done; the initial parameters are added back to the request and then sent out.

Any input is much appreciated. Thank you for your time!


Liam Tai-Hogan Jul 05, 2019 01:38PM UTC Support Center agent

Have you tried sending the request to Burp Repeater using the context menu?

From here, you can test or edit the request and use the context menu to send it to Burp Scanner.


eax Jul 05, 2019 01:58PM UTC
Well, that might work actually. I guess I will have to make an alternative to "Do an active scan";

Chain of events would be looking like this then:

1. "My extension" is triggered on a request;
2. that request is sent to Repeater;
3. Repeater strips away the parameters from the request and sends it to the Scanner;
4. Scanner inserts its payload;
5. Scanner sends out the adjusted request;
6. that request is intercepted using a IHttpListener;
7. my adjusted parameters added back to the request
8. final request is sent out.

I will try this out. Thanks !

Post Your public answer

Your name
Your email address
Answer