Stepper is designed to be a natural evolution of Burp Suite's Repeater tool, providing the ability to create sequences of steps and define regular expressions to extract values from responses which can then be used in subsequent steps.
Variables can be defined for use within a sequence. Variables consist of an identifier and a regular expression, or in the case of initial variables defined in the Globals tab, an identifier and value. Step variables, defined with a regular expression, have their values set from the response of the step in which they are defined. The variable is then available for use within the request of subsequent steps after their definition. However, Global variables, defined with a literal initial value, can be used throughout the sequence.
Both step and global variables may be updated in later steps after their definition.
Regular Expression Variables:
Variables which are defined with a regular expression are updated each time the step in which they are defined is executed. The regular expression is executed on the response received, with the first match being used as the new value. If the defined regular expression has no groups defined, the whole match will be used. If the regular expression defines capture groups, the first group will be used. If groups are required but should not be used as the value, a non-capturing group may be used. e.g. (?:REGEX)
|Last updated||31 October 2019|
You can install BApps directly within Burp, via the BApp Store feature in the Burp Extender tool. You can also download them from here, for offline installation into Burp.
|You can view the source code for this BApp by visiting our GitHub page.|
|Follow @BApp_Store on Twitter to receive notifications of all BApp releases and updates.|
Please note that extensions are written by third party users of Burp, and PortSwigger Web Security makes no warranty about their quality or usefulness for any particular purpose.