Request Highlighter is a simple extension for Burp Suite tool (for both community and professional editions) that provides an automatic way to highlight HTTP requests based on headers content (eg. Host, User-Agent, Cookies, Auth token, custom headers etc.). With Request Highlighter testers can easily identify and point out, within the Proxy history tab, requests belonging to different sessions, hosts, browsers or devices.
- Under the tab "Proxy" -> "HTTP History" select a request belonging to the type that you want to highlight
- In the "Request" tab, select the header part containing the string of interest (eg. the session cookie, a specific user-agent, a custom header etc.) and right-click on it. NOTE: Currently ONLY headers (or parts of them) can be selected.
- On the context menu click on "Request Highlighter - add highlight" and select the color from the list of available ones
- Every request (also inside the proxy history) that contains the string selected will be automatically highlighted with the selected color. NOTE: BE AWARE of potential conflicts! If a request matches with multiple strings, it will be highlighted with the color of the first string found in the request.
- Repeat the process for every category of requests that you want to highlight (max 8)
- To stop highlighting a specific type of requests: open the context menu and, under "Disable Request Highlighter" select the one that you want to disable. Otherwise select from the proxy history the request containing the highlight you want to disable, open the context menu and, under "Request Highlighter - Disable highlights in this request" select the one from the list.
For more details, consult the extension's Github repository.
|Author||Davide 'TwiceDi' Danelon, BeDefended Srl|
|Last updated||23 July 2018|
You can install BApps directly within Burp, via the BApp Store feature in the Burp Extender tool. You can also download them from here, for offline installation into Burp.
|You can view the source code for this BApp by visiting our GitHub page.|
|Follow @BApp_Store on Twitter to receive notifications of all BApp releases and updates.|
Please note that extensions are written by third party users of Burp, and PortSwigger Web Security makes no warranty about their quality or usefulness for any particular purpose.