search

bytebutcher / burp-send-to

Adds a customizable "Send to..."-context-menu to your BurpSuite.
149 stars 19 forks source link

Feature request: Authorization header shortcut #9

Closed Regala closed 3 years ago

Regala commented 3 years ago

Hi @bytebutcher ! %C is already super useful, however nowadays many apps use Authorization: Bearer token{...}. Would be awesome if we could use that, similar to how %C for cookie works e.g. %B (bearer token).

Alternatively a more flexible implementation could be done allowing any header to be invoked in the command, something like: %H{Authorization} -> would fetch the Authorization header %H{Referer} -> would fetch the Referer header etc

Thanks!

bytebutcher commented 3 years ago

Hi @Regala ! Thanks for your feature request! That sounds like a nice idea! I'll definitely look into it! Currently i'm a bit swamped by other kind of work so it might take a while to implement. Another thing which might work for you is parsing the desired header in your shell/python script. Here's an example:

Send-To Context Menu Entry:

Name: parse_header.sh
Command: /path/to/script/header.sh %E

header.sh

#!/bin/bash
# first parameter: e.g. /tmp/burp_14295605999789358076.snd
header_file="${1}" 
# parse the user agent
user_agent="$(grep -m1 "User-Agent: " "${header_file}")"
if [ -z "${user_agent}" ] ; then
        echo "ERROR: No user agent found in header!" >&2
        exit 1
fi
# retrieve the actual user agent value
user_agent_value="$(echo -n "${user_agent}" | cut -d: -f2-)"
echo ${user_agent_value}
Regala commented 3 years ago

Oh awesome, that's a good workaround!

Cheers!

On Mon, Aug 2, 2021 at 10:17 PM bytebutcher @.***> wrote:

Hi @Regala https://github.com/Regala ! Thanks for your feature request! That sounds like a nice idea! I'll definitely look into it! Currently i'm a bit swamped by other kind of work so it might take a while to implement. Another thing which might work for you is parsing the desired header in your shell/python script. Here's an example:

Send-To Context Menu Entry:

Name: parse_header.sh Command: /path/to/script/header.sh %E

header.sh

!/bin/bash

first parameter: e.g. /tmp/burp_14295605999789358076.snd

header_file="${1}"

parse the user agent

user_agent="$(grep -m1 "User-Agent: " "${header_file}")" if [ -z "${user_agent}" ] ; then echo "ERROR: No user agent found in header!" >&2 exit 1 fi

retrieve the actual user agent value

user_agent_value="$(echo -n "${user_agent}" | cut -d: -f2-)" echo ${user_agent_value}

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/bytebutcher/burp-send-to/issues/9#issuecomment-891339801, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAKRBL2EZBHWIFMOIEKQXU3T24DP7ANCNFSM5BNF4OJQ . Triage notifications on the go with GitHub Mobile for iOS https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Android https://play.google.com/store/apps/details?id=com.github.android&utm_campaign=notification-email .