The RepeaterClips extension lets you share requests with just two clicks and a paste.
By converting any Burp request into a compressed Base64 string, it can be easily shared over IM or email without fear of autocorrect or autoformatting corrupting the request. There's no need for sender or receiver to have a browser open, and the built-in compression allows even large requests to be sent with relative ease.
How it works
Once RepeaterClips successfully loads, it creates two new items in Burp's context menu for requests. The first, Copy RepeaterClip, reads the protocol (http or https), host address, port number, and text from the current request; consolidates it into a JSON string; compresses the string; encodes it with Base64, and copies it to your system clipboard. The second menu item, Paste RepeaterClip to Repeater, creates a new Repeater tab and generates a request based on a RepeaterClip you previously copied to the clipboard.
To share a request with a colleague, just choose the Copy RepeaterClip option, transition to your favorite email or IM client, and paste the clipboard into a message to send. Your colleague will then copy the Base64 text string you pasted, transition to Burp, and then choose Paste RepeaterClip to Repeater. They will then see a new Repeater tab with a request identical to the one on your system. If they identify a new attack vector and want to send their modified request back to you, they simply reverse the process.
Requests can contain session cookies or even encoded or cleartext passwords in headers or parameters. RepeaterClips does not encrypt any data. Though each RepeaterClip appears obfuscated, it is just compressed and encoded with Base64 using standard libraries. If sensitive data is contained in the request, you'll need to take appropriate steps to protect it yourself.
If for some reason, the extension cannot convert your request, the clipboard will not change. Make sure you verify the contents (perhaps by choosing the Paste RepeaterClip to Repeater option) before you paste something you didn't intend to paste and send it to a colleague by mistake.
Likewise, RepeaterClips doesn't verify the integrity of requests or check them for malicious content. Be sure you trust your source and the integrity of your messaging channel prior to sending a request from Burp generated by a RepeaterClip.
|Last updated||11 February 2021|
You can install BApps directly within Burp, via the BApp Store feature in the Burp Extender tool. You can also download them from here, for offline installation into Burp.
|You can view the source code for this BApp by visiting our GitHub page.|
|Follow @BApp_Store on Twitter to receive notifications of all BApp releases and updates.|
Please note that extensions are written by third party users of Burp, and PortSwigger Web Security makes no warranty about their quality or usefulness for any particular purpose.