/BURP_EN

12 tricks for Burp Repeater

In today’s episode of “from 0 to pentesting hero” I present some of the lesser-known options found in the Burp Repeater module.

Change tab name

1. If you’ve been doing penetration testing for a long time, your screen may be full of numbered tabs. But it doesn’t have to be this way. By clicking on a given tab twice - we can give it any name, making its content more readable.

Restore closed tab

2. The GUI of these tabs is designed in a rather unfortunate way - because on the right side there is a small X button that closes the given tab and all our work at once. But users requests have been heard. and for some time now, accidentally closed tab can be restored using the right-click context menu.

Request history

3. The Repeater has a built-in request history that is available by clicking on the small arrows. Thanks to this, we can quickly move to that one working configuration.

Auto scroll

4. At the very bottom of the window there is a simple search engine indicating if the given text is found in the server’s response. When entering text, we are automatically moved to the first occurrence.

However, when we send a new request - the counter shows only the number of search results. This can be adjusted by clicking the “plus” button and selecting the appropriate option.

Export to XML

5. In the basic version of Burp, we can’t save and load our work. Fortunately, this has a workaround in the repeater module. All our requests can be saved to an XML file.

It’s good to deselect “base64” option for readability. Such data can then be properly processed - or treated as a backup for emergency situations.

Create request based on URL

6. You came across something interesting and would like to recreate the entire request in Burp. So you start the proxy server and repeat the request. Then you find it in history and send it to the repeater. But it can be simpler.

Copy the URL from the browser and paste it directly into the repeater. Burp will recognize the parameters and add appropriate headers.

Change from POST to GET

7. And what would happen if the request changed from POST to GET or vice versa? You don’t have to do it manually. Right click and select: change requst method.

URL-as-you type

8. Some servers require the transmitted data to be saved in a correct format. So we can use the decoder module, which will convert the characters to their equivalents. Then you have to copy the result and paste it in the right place. But it doesn’t have to be this way.

Select the URL-as-you type and Burp will automatically convert a space to the plus sign when entering text from the keyboard.

Follow redirection

9. Some servers may use 301 redirection. Burp recognizes such headers and follows them. We don’t see the first answer in the result field. And this can be problematic, especially if we are looking for open redirection errors.

If you don’t want something to happen automatically - you can configure how burp behaves in such cases.

Content-length

10. Together with each request where we send parameters, in addition to its content, the browser also sends a header informing the server about the size of the data sent.

Thanks to this, it knows how much data to expect from the user. Burp modifies the content-length header by default - so that its value matches the data we send. If you want to check how the server behaves in the event of incorrect data - you must disable the appropriate option.

Match and replace

11. In the era of today’s CDN servers - some of the responses to our requests may come from the cache. We can ask the server to return the latest possible version. Burp can do it for us. This option is quite deeply hidden in the menu.

We have to go to the proxy server settings and there to the Match and replace tab.

View options

12. The standard view is divided in the middle with a vertical line - on the left we have the request and the response on the right.

This can be changed using the view option. Then the view can be split horizontally or using tabs.