
How to Automatically Replace Data in a Web Response With Burp Suite

November 10, 2020 by Mel Hawthorne

If you’re testing a website with Burp Suite, there are many changes that you can make to your requests and to the webpages you see. You can also configure a number of automatic changes to be made to the responses you receive. The options can be found in the “Response Modification” section of the “Options” sub-tab of the “Proxy” tab. All of the automatic response modifications are designed to be useful for people testing websites.

Note: Burp Suite has legitimate uses, as a security tool. You need to ensure you have permission from the owner of a website to test the website before you try doing anything though, as you could be breaking the law if you don’t, even if you only use your own account on a website.

The automatic modification options can be found in the “Response Modification” section of the “Options” sub-tab of the “Proxy” tab.

The first option is “Unhide hidden form fields” and comes with the sub-option “Prominently highlight unhidden form fields”. Hidden form fields generally contain a preconfigured data value, such as a user ID. This data needs to be submitted with the request, but the user doesn’t need to see or edit it. By unhiding the fields, you can more easily see what happens if you edit their values. These options automate the process so you can easily find the hidden form fields.

“Enable disabled form fields” automatically enables any form fields that have been disabled to prevent the user from editing their values. “Remove input field length limits” removes any restrictions on how many characters can be submitted via a form field. This may cause unexpected behaviour in websites that expect only a certain length of input.

“Remove JavaScript form validation” deletes any JavaScript that validates form data as it’s being submitted, allowing invalid data submissions. “Remove all JavaScript” deletes all JavaScript from the webpage. This option is intended to disable client-side logic. “Remove <object> tags” deletes containers of external resources. Like removing JavaScript, this is also intended to disable client-side logic.
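Every control these options strip (hidden fields, disabled fields, length limits, JavaScript validation) exists only in the browser, so the server has to enforce the same rule itself. The following is an added example, not part of the original article: a small audit that lists those controls in a page so each one can be matched to a server-side check. The sample HTML, the field names and the `audit` helper are constructed for illustration.

```python
from html.parser import HTMLParser

# Constructed sample page (not from the article): a form that relies on
# browser-side controls only.
SAMPLE_HTML = """
<form action="/profile" method="post" onsubmit="return validate(this)">
  <input type="hidden" name="user_id" value="1042">
  <input type="text" name="nickname" maxlength="20">
  <input type="text" name="role" value="member" disabled>
  <input type="submit" value="Save">
</form>
"""

class ClientSideControlAudit(HTMLParser):
    """Collect form controls whose restrictions exist only in the browser."""

    FIELD_TAGS = {"input", "textarea", "select", "button"}

    def __init__(self):
        super().__init__()
        self.findings = []  # tuples of (field or form action, control, detail)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)  # valueless attributes such as `disabled` map to None
        name = a.get("name") or a.get("id") or "(unnamed)"
        # Inline submit handlers are what JavaScript form validation hangs on.
        if tag == "form" and "onsubmit" in a:
            action = a.get("action") or "(no action)"
            self.findings.append((action, "js-validation", a["onsubmit"]))
        if tag not in self.FIELD_TAGS:
            return
        if tag == "input" and (a.get("type") or "").lower() == "hidden":
            self.findings.append((name, "hidden", a.get("value") or ""))
        if "disabled" in a:
            self.findings.append((name, "disabled", a.get("value") or ""))
        if "maxlength" in a:
            self.findings.append((name, "maxlength", a["maxlength"]))

def audit(html):
    """Return the list of client-side-only controls found in `html`."""
    parser = ClientSideControlAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

if __name__ == "__main__":
    for field, control, detail in audit(SAMPLE_HTML):
        print(f"{field}: {control}={detail!r} -> enforce on the server")
```

Each finding is a value or limit the server should re-check on submission, for example by taking the user ID from the session instead of the hidden field and by validating length and role server-side.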

“Convert HTTPS links to HTTP” automatically downgrades encrypted links to plaintext ones. This can be useful for testing SSLStrip-type attacks and verifying that the website upgrades plaintext requests. “Remove secure flag from cookies” automatically removes the secure flag from cookies. This flag prevents a cookie from being transmitted over plaintext connections. Removing it could assist with leaking authentication tokens and other sensitive cookies when performing SSLStrip-type attacks.

The “Match and Replace” section, just below the “Response modification” section, allows you to configure custom rules for both requests and responses using Regex. You can replace the headers or the body of both the request and response, parameter names and values, and the first line of the request.

You can configure custom automatic replacements with the “Match and Replace” section of the “Options” sub-tab of the “Proxy” tab.
