Professional Community

Reshaper

Trigger actions and reshape HTTP request and response traffic using configurable rules

Rules

Rules allow you to set actions to perform (called Thens) if messages/connections (event) received by Burp Suite meet certain criteria (called Whens). Rules are processed in order.

Whens

  • Content Type - If the HTTP request body is reported to match specified content types
  • Event Direction - If the HTTP message is a Request or Response, or if the WebSocket message is directed toward the client or server
  • From Tool - If the HTTP/WebSocket message is from a specific Burp tool
  • Has Entity - If the HTTP/WebSocket event contains a certain message value entity
  • In Scope - If the URL is in the suite-wide scope
  • Matches Text - If a value (text, variable, or HTTP/WebSocket message value entity) matches a value
  • Message Type - If the WebSocket message is text or binary
  • MIME Type - If the HTTP response body is reported to match specified MIME types
  • Proxy Name - If received by a certain Burp proxy listener
  • Repeat - Repeat a group of When constraints for each item in a list

Thens

  • Break - Stop Rules or then action processing
  • Build HTTP Message - Build an HTTP request or response message and store the full text in a variable
  • Comment - Add a comment to the line item in the HTTP/WebSocket history
  • Delay - Delay further processing/sending of the HTTP/WebSocket event
  • Delete Value - Remove an HTTP message entity
  • Delete Variable - Delete a variable
  • Drop - Have Burp drop the connection
  • Evaluate - Perform operations on values
  • Extract - Extract values into lists
  • Generate - Generate a value
  • Highlight - Highlight the line item in the HTTP/WebSocket history
  • Intercept - Intercept the message in the Proxy interceptor
  • Log - Log message to the Burp extension console
  • Parse HTTP Message - Extract values from an HTTP request or response message and store the values in variable
  • Prompt - Get text via a prompt dialog
  • Read File - Read a file
  • Repeat - Repeat a group of Then actions by count, boolean value, or for each item in a list
  • Run Process - Execute a command in a separate process
  • Run Rules - Run a specific Rule or all auto-run Rules
  • Run Script - Execute a JavaScript script
  • Save File - Save text to a file
  • Send Message - Send a separate WebSocket message
  • Send Request - Send a separate HTTP request
  • Send To - Send data to other Burp tools or the system's default browser
  • Set Encoding - Set the encoding used to read and write bytes of the HTTP request or response body, or WebSocket message
  • Set Event Direction - Change whether to send a request or to send a response at the end of processing
  • Set Value - Set the value of an HTTP/WebSocket event using another value (text, variable, or HTTP/WebSocket event entity)
  • Set Variable - Set a variable using another value (text, variable, or HTTP/WebSocket event entity)
  • Transform - Transform/convert a value

Variables

Share values across different rules while processing the same event or all events

Author

Author

Daquanne Dwight

Version

Version

2.4.0

Rating

Rating

Popularity

Popularity

Last updated

Last updated

18 July 2024

Estimated system impact

Estimated system impact

Overall impact: Low

Memory
Low
CPU
Low
General
Low
Scanner
Low

You can install BApps directly within Burp, via the BApp Store feature in the Burp Extender tool. You can also download them from here, for offline installation into Burp.

You can view the source code for all BApp Store extensions on our GitHub page.

Follow @BApp_Store on Twitter to receive notifications of all BApp releases and updates.

Please note that extensions are written by third party users of Burp, and PortSwigger Web Security makes no warranty about their quality or usefulness for any particular purpose.

Go back to BappStore

Note:

Please note that extensions are written by third party users of Burp, and PortSwigger Web Security makes no warranty about their quality or usefulness for any particular purpose.