search

nccgroup / AutoRepeater

Automated HTTP Request Repeating With Burp Suite
https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2018/january/autorepeater-automated-http-request-repeating-with-burp-suite/
MIT License
839 stars 106 forks source link

Better Documentation #7

Open justinmoore opened 6 years ago

justinmoore commented 6 years ago

They usage documentation is on the light side. There should be either some sort of video or better instructions for how to effectively use AutoRepeater.

bao7uo commented 6 years ago

I agree - having tried to figure it out I can't seem to make it do anything. No criticism intended - I have written a couple of Burp extensions myself which probably also could do with some documentation!

justinmoore commented 6 years ago

@bao7uo I've realized since this tool was released that it's not the most intuitive to operate. At some point I'll record a short gif that demonstrates how the tool works. In the mean time, if you want to use AutoRepeater, set a replacement which will cause a change to occur within a request that's sent through burp. AutoRepeater will see the request, perform the replacement, and resend the request.

muttiopenbts commented 6 years ago

Just found this extension and played with it for around 30 mins, and still can't figure out how to replace a tag in a request. Looks super useful for my need to test OAuth2, and OIDC clients. Certainly looks appears to be better than having to write my own extension or using PyTools.

batanman commented 6 years ago

I can't even get any requests to send to it when I right click and do send to AutoRepeater. Am I missing something?

justinmoore commented 6 years ago

hey @batanman,

To make AutoRepeater work you need to set a replacement within AutoRepeater that will cause some text within the request to differ from the original request. From example, if you're making a GET request to the Google homepage, you could set a replacement in AutoRepeater to replace each instance of google in the request with "notgoogle" by specifying a Replacement with the type set to "Replace String", the Match set to "google", the replace set to "notgoogle", and the regex box unchecked. Also you do not need to send requests to AutoRepeater explicitly, if AutoRepeater is active it will automatically perform the replacements and resend requests as the requests pass through Burp.

leesoh commented 5 years ago

I love your tool but agree regarding documentation. I've been putting a little together on my end that I'd be happy to contribute. Where do you see it living? Under the README or in a wiki?

justinmoore commented 5 years ago

Hey @leesoh,

Thank you for contributing to AutoRepeater, you can submit a pull request to the README.md.

Thanks, Justin