January 1, 2016

Help With Removing HTTP Header Info In Burp Suite Using Python Extension

Hey guys, so I'm currently trying to automate some of my web application testing requests through Burp Suite using the Python Scripting extension. I have a basic Python script that can append the parameter values I need to the request before it leaves Burp. However, my script only appends my parameters to the end of the header info and leaves the old parameters in place, which gives me two entries for a given parameter. Basically what it comes down to is that I want to either find/replace or remove/append a parameter. I'm a novice at Python coding, so forgive me if the code below is sloppy or can be done an easier way. I want to replace the values of the x-app-id and the Authorization token within the header field. Like I said before, my script below only appends those values and does not replace/remove the old ones. I've tried a few different things, but I don't have quite the knowledge to get it tailored to how I need it. If anyone could send any tips or point anything out here, I would be greatly thankful.
Best Regards, Ryno23

-----------------------------------------------------------------------------

```python
# These are java classes, being imported using python syntax
from burp import IBurpExtender
from burp import IHttpListener


class BurpExtender(IBurpExtender, IHttpListener):
    def registerExtenderCallbacks(self, callbacks):
        self._callbacks = callbacks
        self._helpers = callbacks.getHelpers()
        callbacks.setExtensionName("Auth and x-app-id Hardcodes")
        callbacks.registerHttpListener(self)
        return

    def processHttpMessage(self, toolFlag, messageIsRequest, currentRequest):
        # Only process requests
        if not messageIsRequest:
            return
        requestInfo = self._helpers.analyzeRequest(currentRequest)
        bodyBytes = currentRequest.getRequest()[requestInfo.getBodyOffset():]
        bodyStr = self._helpers.bytesToString(bodyBytes)
        # Request Header information
        headers = requestInfo.getHeaders()
        newHeaders = list(headers)
        # Make the hardcoded changes to x-app-id and Authorization values
        x_app = "Testing"
        newHeaders.append("x-app-id: " + x_app)
        auth = "Testing1234567890"
        newHeaders.append("Authorization: " + auth)
        # Build the new message with updated parameters
        newMessage = self._helpers.buildHttpMessage(newHeaders, bodyStr)
        print self._helpers.bytesToString(newMessage)
        currentRequest.setRequest(newMessage)
```
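One way to get replace-instead-of-append behaviour, as an added example that is not part of the original post: filter out any existing header whose name matches (case-insensitively) before appending the new value. The helper name `replace_headers` and the sample request are constructed for illustration; the code assumes the first list entry is the request line, as returned by `getHeaders()`.

```python
def replace_headers(headers, overrides):
    """Return a new header list in which every header named in
    `overrides` appears exactly once, with the override value.

    headers   -- list of strings; headers[0] is the request line
    overrides -- list of (name, value) pairs to set
    """
    # HTTP header names are case-insensitive, so compare in lower case.
    wanted = set(name.lower() for name, _ in overrides)

    # Never touch the request line, even if its URL contains a colon.
    request_line, rest = headers[0], headers[1:]

    kept = []
    for line in rest:
        name = line.split(":", 1)[0].strip().lower()
        if name in wanted:
            continue  # drop the old value (and any duplicates of it)
        kept.append(line)

    return [request_line] + kept + ["%s: %s" % (n, v) for n, v in overrides]


# Constructed sample request headers (not from the original post).
SAMPLE = [
    "POST /api/items?note=authorization:x HTTP/1.1",
    "Host: app.example.test",
    "X-App-Id: old-app",
    "authorization: Bearer old-token",
    "Content-Type: application/json",
]

# Same hardcoded values the post uses.
OVERRIDES = [("x-app-id", "Testing"), ("Authorization", "Testing1234567890")]

# Inside processHttpMessage this would replace the two append() calls:
#   newHeaders = replace_headers(list(requestInfo.getHeaders()), OVERRIDES)
if __name__ == "__main__":
    for header in replace_headers(SAMPLE, OVERRIDES):
        print(header)
```

The function uses only syntax that works in both Jython 2.7 (which Burp's Python extensions run on) and Python 3.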