Comments (4)
justinmoore
commented on June 14, 2024
1
Hey folks,
I’ll prioritize this request.
Thanks,
Justin
…Sent from my iPhone
On Aug 31, 2019, at 2:58 PM, lopa17685 ***@***.***> wrote:
Hi,
I agree with tzuk-pl.
I'm using this great extension mostly for auto fuzzing and checking the response for specific answers.
This option can help a lot because the redirecting force me to do more manual steps for analyzing the response, In some cases I have hundred of redirection responses so it become useless for those scenarios.
Hope that you will consider to add this option, I'm sure that it will help a lot to many researchers.
Thanks a lot.
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub, or mute the thread.
from autorepeater.
justinmoore
commented on June 14, 2024
Hey @tzuk-pl,
Thanks for the feature suggestion. If I were to add this as a feature I’d probably add it as a checkbox next to the activate AutoRepeater button and have AutoRepeater follow all redirections in the tab. Is there a particular testing case this feature would be useful for? Usually when AutoRepeater is receiving responses to redirect it’s because the replacements are breaking some part of the request and the request is being redirected back to the login page or an error page.
Also, from your screenshot it looks like you’re using a old version of AutoRepeater. I highly suggest you check out the jar hosted in this repo as it has about a year of additional development and bug fixes.
Thanks,
Justin
… On May 29, 2019, at 7:40 AM, tzuk-pl ***@***.***> wrote:
Pretty simple and straight forward feature request:
Add the ability to follow redirections within auto repeater. I'm thinking it would be useful to have a button similar to how repeater has a button to follow redirections for individual requests/responses, and have a checkbox to automatically follow redirection in the options section.
Find below two crude mockups of what I mean in case it isn't quite clear.
Per Request:
Options:
Current workaround: just send your modified request(s) to repeater and use the "Follow Redirection" button in repeater.
Cheers!
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or mute the thread.
from autorepeater.
tzuk-pl
commented on June 14, 2024
Thanks for the response, Justin. Some of the applications I have tested use custom application gateways or custom behaviour that create a one-time use token and redirect to an endpoint on a different domain, but still part of the same application.
A simple example: A GET or POST request to http://applicationname/index is sent by the application which uses a cookie or a bearer token for authentication and a custom header like "X-CUSTOM-URI: /API/addmember" is sent in the request. The application responds with a redirection to a different domain such as http://apiname/api/addmember and provides some sort of one-time use or short-lived token to use in the request to the apiname site.
In this example, I would be browsing the application as a high privileged user and using autorepeater to repeat the requests to http://applicationname as a low privileged user who should not have the ability to add a new member. If the application provides a token and redirection to the API, and the add member request succeeds, it would indicate insecure permissions. The call to the API would have no portion to autorepeat, as the token and redirection was granted for the low privileged user by the http://applicationname site.
I installed autorepeater from the BAppStore a while back; I'll be sure to update, thanks for the recommendation.
from autorepeater.
Nexsus1985
commented on June 14, 2024
Hi,
I agree with tzuk-pl.
I'm using this great extension mostly for auto fuzzing and checking the response for specific answers.
This option can help a lot because the redirecting force me to do more manual steps for analyzing the response, In some cases I have hundred of redirection responses so it become useless for those scenarios.
Hope that you will consider to add this option, I'm sure that it will help a lot to many researchers.
Thanks a lot.
from autorepeater.
Related Issues (20)
- Add an option to arrange the conditions and payloads by creating a simple buttons
- Add an option to perform multiple actions in one click such as delete or duplicate
- [Feature Request] Add condition in logs for Resp. Len. Diffing HOT 1
- Messed up colors with Darcula theme in v2020.4 HOT 2
- Possible to perform a series of action
- Autorepeater stops working on adding a log filter with response length greater than 0
- Condition about file extension doesn't work. HOT 6
- Releases
- http2 issues. HOT 4
- Post Parameter Replace
- Replace Param Value in Post
- Not working with servers using HTTP/2
- Ability to copy & paste Rules
- .
- Importing rules
- Replace All
- Autorepeater not working for json body parameters replacement HOT 1
- Top menu gone missing in newer versions of BurpSuite HOT 4
- Excessive resource consumption
- Plugins often get stuck HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from autorepeater.