-
-
Notifications
You must be signed in to change notification settings - Fork 0
1.0. OverView
gdgd009xcd edited this page Jul 3, 2020
·
27 revisions
AutoMacroBuilder Extension for burpSuite
1.0. Overview
AutoMacroBuilder provides various functions for vulnerability tests of multi-step sequence of request.
For details, refer to the sidebar menu on the right.
-
Basic usage
- Like the burpsuite Macro function, record and play back the sequence of requests as Macro. You can test each request in Macro with burpsuite 's Repeater / intruder / scanner tool.
- Simply select the request you want to test and select the SendTo Repeater / Intruder / Scanner menu within "AutoMacroBuilder panel", then AutoMacroBuilder will perform a set of request sequence and track CSRF tokens/cookies.
- The anti-CSRF token parameter is extracted from the sequence response. Click the [Track] button to display the parameter list, and the setting is completed simply by selecting the parameter to be tracked.
-
Custom function
-
Parameter extract with regex
if Parameters that are difficult to extract with the basic functions, they can be extracted from the response with the regular expressions. -
Incremental numeric parameter setting
You can embed the incremental numeric value to the request parameter. It can be used when it is necessary to set a unique value for each running. -
CSV column parameter setting
You can set the value of the specified column in the CSV file to the request parameter. By saving value such as the registration code of a gift campaign site in the CSV file,It can be used when a unique registered value is required for each page crawling.
-
Parameter extract with regex
-
[AutoMacroBuilder for OWASP ZAP]AutoMacroBuilder for OWASP ZAP will appear in the near future.
-
[Scan Macro]Automatically scan each request in MacroBuilder's "Macro Request List" with scanner.
-
Set the date and time of the current date and time in the format specified in the parameter. For each execution, set to the parameter that needs updating the current date and time.