forked from NetSPI/BurpExtractor
-
Notifications
You must be signed in to change notification settings - Fork 6
/
BappDescription.html
19 lines (13 loc) · 1.23 KB
/
BappDescription.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
<p>This extension allows tokens to be extracted from a response and replaced in requests.
It can use useful for dealing with anti-CSRF tokens, updated expiration times, sessions in an authorization header, etc.</p>
<p><b>Using Burp Extractor</b></p>
<ol>
<li>If a request requires a value from a response, right click on that request and select "Send to Extractor". Then find a response where the client
receives this value from, and select "Send to Extractor".</li>
<li>Go to the Extractor tab to view a Comparer-like interface, and select the request and response needed, then click "Go".</li>
<li>Within the newly created tab, highlight the content of the request which needs to be replaced, and the content of the response which
contains the value to be inserted. Adjust the scope as necessary, and click "Turn Extractor on".</li>
<li>Once turned on, Extractor will look for occurrences of the regex listed in the request and response panels, and extract or insert data appropriately.
It will also update the "Value to insert" field with the newest value extracted.</li>
</ol>
<p>Please consult the extension's Github page for a more complete tutorial.</p>