Enhancement: Editing Original Repeater Request

[ccerne-bf]

Hello! I don't think this is a feature already, but please let me know if I'm wrong about this. I tried searching the docs everywhere and couldn't find anything.

I think it would be useful to provide a feature in the HttpHandler API (or maybe it's better off in Repeater) that allows the extension to make changes to the original request, so that the user can see what changes the extension makes to the HttpRequest in real time. If an extension adds a header, for instance, it can signal to the original HttpEditor in repeater that a change was made and update it accordingly, similarly to how the Content-Length header in an HTTP request is automatically updated in the Burp UI.

The usefulness here, in my opinion, would be to show users up-to-date auth tokens or other request headers that may dynamically change from request-to-request, if they needed access to that information (instead of the user going into the Burp logger and finding it there, which can be tedious).

[Hannah-PortSwigger]

Hi

Have you considered providing an additional tab on the request that displays the additional data you mention?

You can find an example extension that demonstrates adding an additional message editor tab here: https://github.com/PortSwigger/burp-extensions-montoya-api-examples/tree/main/customrequesteditortab

Depending on the mechanism by which the request has been modified, often the changes will be shown in the Repeater request after the request has been sent.

[ccerne-bf]

Hi @Hannah-PortSwigger - thank you for your fast response! Regarding your first point, I am not interesting in creating a separate tab for my extension. I would like to hook into the original message editor tab. I mean, I can certainly create an additional tab, but I think for this use case, that would be a little overkill.

What I'm asking is simply a way to edit the contents of the original Repeater message editor -- just like what happens with Content-Length when you change the body of a request.

Depending on the mechanism by which the request has been modified, often the changes will be shown in the Repeater request after the request has been sent.

Can you elaborate on which mechanism you are referring to? In the Montoya API, making changes to the request parameter in handleHttpRequestToBeSent in HttpHandler doesn't seem to do the trick.

[PortSwiggerSupport]

Hi

If you're modifying a request using an extension as part of a session handling action (like the "Add Custom Header" BApp), these changes will be reflected in the sent request.

You can update the main message editor from a different message editor tab. For example, if you make some modification to a request in an added "Hackvertor" tab, these changes will be reflected in the Raw/Pretty view of the message editor. You can also see this in our example extension here.