Custom header present even after disabling/removing extension

[Ag0s]

Hi, I have configured the extension once. Added it to my session and it worked flawlessly. However after logging out of the application and getting a new bearer token on login. I am unable to update the automatically set header no matter what I do. What I've tried so far:

• Restart Burp (and after every step)
• Edited the values in the extension tab
• Deleted the session handling rule
• Disabled the extension

Nothing seems to resolve the issue. Even disabled and removed the header is getting added. I am using Burp Suite Pro version 1.7.37.

Edit; The more I think about it, it might be a session handling issue as the scope is also completely ignored. It should add the header to all requests in one subdirectory and specifically exclude it from another.

[lorenzog]

Hi,

This sounds rather strange. Are you sure it's Burp that adds the header and not the browser? Or perhaps there is a macro left running that is inserting the header?

On Tue, Mar 5, 2019 at 7:45 AM Ag0s notifications@github.com wrote:

Hi, I have configured the extension once. Added it to my session and it worked flawlessly. However after logging out of the application and getting a new bearer token on login. I am unable to update the automatically set header no matter what I do. What I've tried so far:

• Restart Burp (and after every step)
• Edited the values in the extension tab
• Deleted the session handling rule
• Disabled the extension

Nothing seems to resolve the issue. Even disabled and removed the header is getting added. I am using Burp Suite Pro version 1.7.37.

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/lorenzog/burpAddCustomHeader/issues/3, or mute the thread https://github.com/notifications/unsubscribe-auth/ABXeaxOYDrMR_lSA9U1lUPFsaAyn-Vkpks5vTiClgaJpZM4bd-Se .

-- :Lorenzo Grespan

[Ag0s]

thanks for your response

I found that the header is saved in the project options. Once I restarted burp using configuration defaults it was finally removed and I was able to set a new header. However if I want to change the header, I need to reload burp with default project config.

[lorenzog]

Hi,

I see the problem. There is a "disable" button in the extension to avoid using the value set, but it might not work if you have removed the extension already. I'll take a look and see whether there's a way to clean up the actions when unloading the extension.

On Mon, Mar 11, 2019 at 11:35 AM Ag0s notifications@github.com wrote:

I found that the header is saved in the project options. Once I restarted burp using configuration defaults it was finally removed and I was able to set a new header. However if I want to change the header, I need to reload burp with default project config.

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/lorenzog/burpAddCustomHeader/issues/3#issuecomment-471504420, or mute the thread https://github.com/notifications/unsubscribe-auth/ABXea67OYX2SeKl8tXD5TkTP15z2xULdks5vVj9lgaJpZM4bd-Se .

-- :Lorenzo Grespan

[lorenzog]

Hi, sorry it took me a while to get back to you. Did you solve the problem? I couldn't find anything wrong.

[Ag0s]

I fixed it by enabling and re-enabling the plugin. Might be a conflict with other plugins. Though this work arount was enough for me to stop the debugging. Thanks for you effords.