Help With Removing HTTP Header Info In Burp Suite Using Python Extension

January 1, 2016

Hey guys, so I'm currently trying to automate some of my web application testing requests through Burp Suite using the Python Scripting extension. I have a basic Python script that can append the parameter values I need to the request before it leaves Burp. However, my script only appends my parameters to the end of the header info and leaves the old parameters in place, which gives me two entries for a given parameter. Basically what it comes down to is that I want to either find/replace or remove/append a parameter. I'm a novice at Python coding, so forgive me if the code below is sloppy or can be done an easier way. I want to replace the values of the x-app-id and the Authorization token within the header field. Like I said before, my script below only appends those values and does not replace/remove the old ones. I've tried a few different things but I don't have quite the knowledge to get it tailored to how I need it. If anyone could send any tips or point anything out here I would be greatly thankful.
Best Regards, Ryno23

-----------------------------------------------------------------------------

```python
# These are java classes, being imported using python syntax
from burp import IBurpExtender
from burp import IHttpListener


class BurpExtender(IBurpExtender, IHttpListener):

    def registerExtenderCallbacks(self, callbacks):
        self._callbacks = callbacks
        self._helpers = callbacks.getHelpers()
        callbacks.setExtensionName("Auth and x-app-id Hardcodes")
        callbacks.registerHttpListener(self)
        return

    def processHttpMessage(self, toolFlag, messageIsRequest, currentRequest):
        # Only process requests
        if not messageIsRequest:
            return

        requestInfo = self._helpers.analyzeRequest(currentRequest)
        bodyBytes = currentRequest.getRequest()[requestInfo.getBodyOffset():]
        bodyStr = self._helpers.bytesToString(bodyBytes)

        # Request Header information
        headers = requestInfo.getHeaders()
        newHeaders = list(headers)

        # Make the hardcoded changes to x-app-id and Authorization values
        x_app = "Testing"
        newHeaders.append("x-app-id: " + x_app)
        auth = "Testing1234567890"
        newHeaders.append("Authorization: " + auth)

        # Build the new message with updated parameters
        newMessage = self._helpers.buildHttpMessage(newHeaders, bodyStr)
        print self._helpers.bytesToString(newMessage)
        currentRequest.setRequest(newMessage)
```
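One way to get replace-instead-of-append behaviour, as an added example that is not part of the original post: the helper below rewrites the header list so each overridden header appears exactly once, matching names case-insensitively. `replace_headers`, `header_name` and the sample request are hypothetical and constructed for illustration; the override values are the placeholders from the post.

```python
# Added example, not the poster's code. replace_headers and header_name are
# hypothetical helper names; OVERRIDES reuses the placeholder values from the post.
OVERRIDES = [("x-app-id", "Testing"), ("Authorization", "Testing1234567890")]


def header_name(line):
    """Lower-cased field name of a 'Name: value' line, or None if no colon."""
    name, sep, _ = line.partition(":")
    return name.strip().lower() if sep else None


def replace_headers(headers, overrides=OVERRIDES):
    """Return a new header list in which every override occurs exactly once.

    headers[0] is the request line (as in getHeaders() output) and is kept
    untouched. The first matching header is overwritten in place so the
    original order survives, later duplicates are dropped, and overrides
    that were not present at all are appended at the end.
    """
    headers = list(headers)  # copy; also turns a Java List into a Python list
    wanted = dict((name.lower(), (name, value)) for name, value in overrides)
    seen = set()
    result = [headers[0]]
    for line in headers[1:]:
        key = header_name(line)
        if key in wanted:
            if key not in seen:
                seen.add(key)
                result.append("%s: %s" % wanted[key])
            continue  # old value (or duplicate) is not copied over
        result.append(line)
    for name, value in overrides:
        if name.lower() not in seen:
            result.append("%s: %s" % (name, value))
    return result


# Constructed sample input, shaped like the list getHeaders() returns.
SAMPLE = [
    "POST /api/v1/items HTTP/1.1",
    "Host: app.example.test",
    "X-App-Id: old-app",
    "authorization: Bearer old-token",
    "Content-Type: application/json",
]

if __name__ == "__main__":
    for line in replace_headers(SAMPLE):
        print(line)
```

In the posted `processHttpMessage`, `newHeaders = replace_headers(headers)` would stand in for the `list(headers)` copy and the two `append` calls, with the result passed to `buildHttpMessage` as before.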