
How to Automatically Replace Data in a Web Response With Burp Suite

Posted on November 14, 2020 by Mel Hawthorne

If you’re testing a website with Burp Suite, there are many changes that you can make to your requests and to the webpages you see. You can configure a number of automatic changes to be made to the responses you receive. The options can be found in the “Response Modification” section of the “Options” sub-tab of the “Proxy” tab. All of the automatic response modifications are designed to be useful for people testing websites.

Note: Burp Suite has legitimate uses as a security tool. You need to ensure you have permission from the owner of a website before you test it, though, as you could be breaking the law if you don’t, even if you only use your own account on the website.


The first option is “Unhide hidden form fields” and comes with the sub-option “Prominently highlight unhidden form fields”. Hidden form fields generally contain a preconfigured data value, such as a user ID. This data needs to be submitted with the request, but the user doesn’t need to see or edit it. By unhiding the fields, you can more easily see what happens if you edit their values. These options automate the process so you can easily find the hidden form fields.

“Enable disabled form fields” automatically enables any form fields that have been disabled to prevent the user from editing their values. “Remove input field length limits” removes any restrictions on how many characters can be submitted via a form field. This may cause unexpected behaviour in websites that expect only a certain length of input.

“Remove JavaScript form validation” deletes any JavaScript that validates form data as it’s being submitted, allowing invalid data submissions. “Remove all JavaScript” deletes all JavaScript from the webpage. This option is intended to disable client-side logic. “Remove <object> tags” deletes containers of external resources. Like removing JavaScript, this is also intended to disable client-side logic.

“Convert HTTPS links to HTTP” automatically downgrades encrypted links to plaintext ones. This can be useful for testing SSLStrip-type attacks and verifying that the website upgrades plaintext requests. “Remove secure flag from cookies” automatically removes the secure flag, which prevents cookies from being transmitted over plaintext connections. This could assist with leaking authentication tokens and other sensitive cookies when performing SSLStrip-type attacks.
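From the site owner's side, the same two weaknesses can be checked in any captured response. This added example (not from the original article) reports cookies set without the Secure attribute, plaintext links in the body, and whether a `Strict-Transport-Security` header is present; the sample headers, body and function names are constructed, and HSTS is included as the standard browser-side defence against downgrade, not something the article covers.

```python
import re

# Constructed sample response (not from the article).
SAMPLE_HEADERS = [
    ("Content-Type", "text/html; charset=utf-8"),
    ("Set-Cookie", "session=abc123; Path=/; HttpOnly; Secure"),
    ("Set-Cookie", "prefs=dark; Path=/"),
    ("Set-Cookie", "csrf=xyz; Path=/; SameSite=Strict; secure"),
]
SAMPLE_BODY = (
    '<a href="https://example.test/account">Account</a>'
    '<form action="http://example.test/login" method="post"></form>'
)

def cookies_missing_secure(headers):
    """Return the names of cookies set without the Secure attribute."""
    missing = []
    for key, value in headers:
        if key.lower() != "set-cookie":
            continue
        parts = [p.strip() for p in value.split(";")]
        name = parts[0].split("=", 1)[0]
        # Attribute names are case-insensitive; ignore any attribute values
        attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:]}
        if "secure" not in attrs:
            missing.append(name)
    return missing

def has_hsts(headers):
    """True if the response tells browsers to refuse plaintext connections."""
    return any(k.lower() == "strict-transport-security" for k, _ in headers)

def http_links(body):
    """Return plaintext URLs referenced from href, src or action attributes."""
    pattern = r'(?:href|src|action)\s*=\s*["\'](http://[^"\']+)'
    return re.findall(pattern, body, flags=re.IGNORECASE)

if __name__ == "__main__":
    print("cookies without Secure:", cookies_missing_secure(SAMPLE_HEADERS))
    print("HSTS present:", has_hsts(SAMPLE_HEADERS))
    print("plaintext links:", http_links(SAMPLE_BODY))
```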

The “Match and Replace” section, just below the “Response modification” section, allows you to configure custom rules for both requests and responses using Regex. You can replace the headers or the body of both the request and response, parameter names and values, and the first line of the request.

You can configure custom automatic replacements with the “Match and Replace” section of the “Options” sub-tab of the “Proxy” tab.
