Burp Repeater Options
The Repeater menu controls aspects of Burp Repeater's behavior. The
following options are available:
- Update Content-Length - This option controls
whether Burp automatically updates the Content-Length header of the
request where necessary. Using this option is normally essential when
the request message contains a body.
- Unpack gzip / deflate - This option controls
whether Burp automatically unpacks gzip- and deflate-compressed content
received in responses.
- Follow redirections - This setting controls whether
redirection responses are automatically followed. The following options
Note: If Repeater receives a redirection response which
it is not configured to follow automatically, it will display a "Follow
redirection" button near to the top of the UI. This allows you to manually follow
the redirection after viewing it. This feature is useful for walking
through each request and response in a redirection sequence. New cookies
will be processed in these manual redirections if this option has been
set in the "Process cookies in redirections" option described below.
- Never - Repeater will not follow any redirections.
- On-site only - Repeater will only follow redirections to the same web "site",
i.e. to URLs employing the same host, port and protocol as was used in the
- In-scope only - Repeater will only follow
redirections to URLs that are within the
suite-wide target scope.
- Always - Repeater will follow redirections to any URL whatsoever. You should
use this option with caution - occasionally, web applications relay your
request parameters in redirections to third-parties, and by following
redirections you may inadvertently attack an application that you do not intend
- Process cookies in redirections - If this option is
selected, then any cookies set in the redirection response will be
resubmitted when the redirection target is followed.
- View - This submenu lets you configure the layout
of the request/response panel. You can view the HTTP messages in a
top/bottom split, a left/right split, or in tabs.
- Action - This submenu contains the same options as
are available on via the context menu of the request and response
Wednesday, April 22, 2015
This release contains a number of minor enhancements and bugfixes, including:
- The Proxy now uses SHA256 to generate its CA and per-host certificates
- There is a new button at Proxy / Options / Proxy Listeners to force Burp to regenerate its CA certificate.
- A bug in the "Paste from file" function which caused Burp to sometimes retain a lock on the selected file has been fixed.
- A bug in the Intruder "extract grep" function, which sometimes caused extracted HTML content to be rendered as HTML in the results table, has been fixed.
See all release notes ›