h3xstream/http-script-generator

Feature requests: multiple requests, parameters

Opened this issue · 2 comments

Hello there,

Wonderful plugin, saved my sanity. Couple of feature requests:

  1. Scripting multiple requests: select multiple requests in Burp, choose Generate Script from the context menu, and the generated script contains all selected requests. The cookie jar is set up once at the beginning, so any cookies set in responses are retained and used automatically. Ideally, any form parameter values returned in responses (i.e. CSRF tokens) are used, but that will require form parsing. Even without it, it would still be great to script a sequence of requests.
  2. Parameterizing scripts. Adding configurable parameters for the base URL (or host name) and form fields being submitted. Ideally should be configurable from GUI.

Thanks

Multiple request and chaining values

There are many things I see that will make the implementation hard.

  • Encoding: There are tons of ways to encode a value.
  • Duplicate values: The tool could confuse a reasonably long value with the wrong sources.
  • The extraction of the value would require the creation of an XPath query (BeautifulSoup-like). This is not impossible but not easy.

In summary, I don't think I will put it on the roadmap soon. It seems that this feature could easily break and therefore be more trouble to use than doing the chain requests manually.

Parametrization of scripts

Any part of the request can be parametrized depending on the use case. I don't see why the hostname is more common than a specific form field or auth credentials.
Also, it doesn't take much time to extract. Most IDEs have a shortcut to extract a value to a variable.


Don't see this comment as a definitive no .. more as a discussion. These are my immediate thoughts.

The support for multiple requests generation is now working for Burp / ZAP.

The extraction of values to resubmit (CSRF, hidden values, etc.) and chaining between requests is not something I plan to implement.
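
The manual chaining discussed in this thread, as an added example that is not part of the issue and not output of the plugin: one cookie jar shared by two requests, hidden form fields parsed from the first response and resubmitted in the second, with the encoding and duplicate-value concerns handled explicitly. It uses only the Python standard library; the local `DemoApp` server, its `csrf` field, `sid` cookie and paths are constructed stand-ins for a real target.

```python
import http.cookiejar, threading, urllib.parse, urllib.request
from html.parser import HTMLParser
from http.server import BaseHTTPRequestHandler, HTTPServer

class DemoApp(BaseHTTPRequestHandler):  # constructed stand-in for the target
    def log_message(self, *args): pass
    def reply(self, body, cookie=None):
        self.send_response(200)
        if cookie: self.send_header("Set-Cookie", cookie)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)
    def do_GET(self):  # hands out a session cookie and an HTML-escaped token
        page = '<form><input type="hidden" name="csrf" value="a&amp;b=1"></form>'
        self.reply(page.encode(), "sid=s1; Path=/")
    def do_POST(self):  # accepts only if both cookie and decoded token return
        raw = self.rfile.read(int(self.headers["Content-Length"])).decode()
        ok = (urllib.parse.parse_qs(raw).get("csrf") == ["a&b=1"]
              and "sid=s1" in self.headers.get("Cookie", ""))
        self.reply(b"ok" if ok else b"rejected")

class HiddenFields(HTMLParser):
    def __init__(self):
        super().__init__()
        self.fields = {}
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input" and a.get("type") == "hidden" and a.get("name"):
            if a["name"] in self.fields:  # ambiguous source: refuse to guess
                raise ValueError("duplicate hidden field: " + a["name"])
            self.fields[a["name"]] = a.get("value") or ""  # already unescaped

def hidden_fields(html):
    parser = HiddenFields()
    parser.feed(html)
    return parser.fields

def run_chain():
    srv = HTTPServer(("127.0.0.1", 0), DemoApp)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    base = "http://127.0.0.1:%d" % srv.server_port  # base URL as a parameter
    jar = http.cookiejar.CookieJar()  # set up once, shared by every request
    opener = urllib.request.build_opener(
        urllib.request.ProxyHandler({}), urllib.request.HTTPCookieProcessor(jar))
    fields = hidden_fields(opener.open(base + "/form").read().decode())
    body = urllib.parse.urlencode(fields).encode()  # re-encode for the POST
    result = opener.open(base + "/submit", body).read().decode()
    srv.shutdown()
    return result
```

The token value `a&b=1` is chosen so that skipping either the HTML unescape or the URL encoding makes the second request fail.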