Response Tampering
There are two methods to tamper with responses using Burp Suite:
- Modify the response code after intercepting the response.
- Set up a proxy rule that matches specific code in responses and replaces it with different content.
Modifying the response code after intercepting:
- Open the browser with proxy intercept enabled.
- Navigate to the desired website using the opened browser.
- Turn on intercept by clicking "Intercept is off" and changing it to "Intercept is on."
- The request will pause until you click "Forward" after intercepting it.
- While it is paused, right-click the request and select "Do intercept" > "Response to this request."
- After modifying the response, click "Forward" to see the changes in the Chromium browser.
- You can either modify the response and click "Forward" or turn off intercept to proceed.
Setting up proxy rules for response code manipulation:
- Go to Proxy > Options > Match and Replace Rules.
- Click "Add" to create a new rule.
- Select "Response Body" for the type.
- Enter <script>location.href='./example.php';</script> in the "Match" field.
- Leave the "Replace" field empty, as we want to remove the code <script>location.href='./example.php';</script>.
- Click "OK" to add the rule, and it will be applied to all future responses' body parts that contain the specified code.
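What the rule above means for the server side, as an added example that is not part of the original post: it simulates the literal Response Body match-and-replace and checks whether an unauthenticated response still carries protected content once the redirect is stripped. The handlers, the SECRET-REPORT marker and the assumption that the redirect is used as an access check are all constructed for illustration.

```python
# Redirect snippet from the page; a non-regex rule matches it literally.
REDIRECT = "<script>location.href='./example.php';</script>"

# Constructed sample of content that only authenticated users should receive.
PROTECTED = "<h1>Admin panel</h1><p>SECRET-REPORT</p>"


def match_and_replace(body, match=REDIRECT, replace=""):
    """Simulate a literal 'Response Body' match-and-replace rule."""
    return body.replace(match, replace)


def vulnerable_handler(authenticated):
    """'Before' (hypothetical): the only access check is a client-side redirect."""
    body = "<html><body>"
    if not authenticated:
        body += REDIRECT      # the browser is asked to leave ...
    body += PROTECTED         # ... but the protected bytes are sent anyway
    body += "</body></html>"
    return 200, {}, body


def hardened_handler(authenticated):
    """'After' (hypothetical): the decision is made server-side, nothing protected is sent."""
    if not authenticated:
        return 302, {"Location": "./example.php"}, ""
    return 200, {}, "<html><body>" + PROTECTED + "</body></html>"


def leaks_after_tampering(handler, marker="SECRET-REPORT"):
    """True if the unauthenticated response still exposes the marker
    after the proxy rule has removed the redirect script."""
    _status, _headers, body = handler(False)
    return marker in match_and_replace(body)


if __name__ == "__main__":
    for h in (vulnerable_handler, hardened_handler):
        print(h.__name__, "leaks:", leaks_after_tampering(h))
```

A check like leaks_after_tampering can be turned into a regression test against real endpoints: request each protected page without a session and fail the build if the body contains anything beyond the redirect.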