Comments (4)
Thanks for the response, Justin. Some of the applications I have tested use custom application gateways or custom behaviour that creates a one-time-use token and redirects to an endpoint on a different domain, but still part of the same application.
A simple example: a GET or POST request to http://applicationname/index is sent by the application, which uses a cookie or a bearer token for authentication, and a custom header like "X-CUSTOM-URI: /API/addmember" is sent in the request. The application responds with a redirect to a different domain such as http://apiname/api/addmember and provides some sort of one-time-use or short-lived token to use in the request to the apiname site.
In this example, I would be browsing the application as a high-privileged user and using autorepeater to repeat the requests to http://applicationname as a low-privileged user who should not have the ability to add a new member. If the application provides a token and a redirect to the API, and the add-member request succeeds, it would indicate insecure permissions. The call to the API would have no portion to autorepeat, as the token and redirect were granted to the low-privileged user by the http://applicationname site.
I installed autorepeater from the BAppStore a while back; I'll be sure to update, thanks for the recommendation.
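The gateway flow described in the comment above, modelled as an added example (not code from the AutoRepeater project or the commenter): a minimal stand-in for the http://applicationname gateway that issues the one-time token and redirect, beside the replay check that compares the high-privileged and low-privileged responses. The session tokens, roles and the `ott` query parameter are constructed assumptions.

```python
import secrets
from urllib.parse import urlsplit, parse_qs

# Constructed sessions: bearer token -> role (assumed values, not real data)
SESSIONS = {"tok-admin": "admin", "tok-user": "user"}
ADMIN_ONLY = {"/API/addmember"}


def gateway(headers, check_role=True):
    """Model of http://applicationname/index. Returns (status, headers).
    check_role=True is the hardened gateway: the role is checked before the
    one-time token is minted. check_role=False reproduces the insecure
    behaviour: any authenticated session is handed a token and redirected."""
    bearer = headers.get("Authorization", "").removeprefix("Bearer ")
    role = SESSIONS.get(bearer)
    if role is None:
        return 401, {}
    uri = headers.get("X-CUSTOM-URI", "")
    if check_role and uri in ADMIN_ONLY and role != "admin":
        return 403, {}
    token = secrets.token_urlsafe(16)  # short-lived, single-use token
    return 302, {"Location": f"http://apiname{uri.lower()}?ott={token}"}


def granted_api_redirect(status, headers):
    """True when the response hands the caller a one-time token and sends it
    to the API domain, i.e. the access decision went in the caller's favour."""
    if status // 100 != 3:
        return False
    loc = urlsplit(headers.get("Location", ""))
    return loc.netloc == "apiname" and "ott" in parse_qs(loc.query)


def replay_check(request_headers, low_priv_bearer, check_role=True):
    """Replay the high-privileged request with a low-privileged session.
    Returns 'no-baseline' if even the original was refused, 'insecure' if the
    low-privileged replay is also granted the token and redirect, else 'ok'."""
    hi = gateway(request_headers, check_role)
    low_headers = dict(request_headers, Authorization=f"Bearer {low_priv_bearer}")
    lo = gateway(low_headers, check_role)
    if not granted_api_redirect(*hi):
        return "no-baseline"
    return "insecure" if granted_api_redirect(*lo) else "ok"
```

Because the access decision is made by the gateway before the redirect, the only response worth diffing is this one; the subsequent call to http://apiname carries a token that was already granted.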
Hi,
I agree with tzuk-pl.
I'm using this great extension mostly for auto fuzzing and checking the response for specific answers.
This option can help a lot because the redirects force me to do more manual steps for analyzing the response. In some cases I have hundreds of redirection responses, so it becomes useless for those scenarios.
I hope that you will consider adding this option; I'm sure that it will help many researchers a lot.
Thanks a lot.