This extension provides a way of managing tokens such as anti-CSRF tokens, CSurf tokens and session IDs.
It can be used to set parameters that require random numbers or parameters that are computed based on application responses.
It works by
- extracting tokens from responses using your RegEx
Multiple parameter choices
- header - the token is contained by a custom header
- url - the URL query contains the token
- body - the token is an ordinary POST parameter
- cookie - one of the cookies contains the token
- other - JSON, XML, XML attribute, multipart attribute
Scoping to different tools
Special features include
- a module for testing your RegEx
- enhanced debugging messages
Please refer to the documentation for more details.
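
The extract-then-place flow described above, sketched as an added Python example (not the extension's own code). The `csrf_token` field name, the sample response and the request dict shape are constructed for illustration, and only the header, url, body and cookie locations are covered.

```python
import re
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Constructed sample response; the field name csrf_token is an assumption.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n\r\n"
    '<form><input type="hidden" name="csrf_token" value="a1B2c3D4e5"></form>'
)
TOKEN_RE = re.compile(r'name="csrf_token"\s+value="([^"]+)"')

def extract_token(response, pattern=TOKEN_RE):
    """Return capture group 1 of the first match, or None if the RegEx misses."""
    m = pattern.search(response)
    return m.group(1) if m else None

def _set_pair(pairs, name, value):
    """Replace every existing name=value pair, or append one if absent."""
    out = [(k, value if k == name else v) for k, v in pairs]
    if all(k != name for k, _ in pairs):
        out.append((name, value))
    return out

def apply_token(request, location, name, token):
    """Return a copy of request (dict: url, headers, body) with the token set."""
    req = {"url": request["url"], "headers": dict(request["headers"]), "body": request["body"]}
    if token is None:
        return req  # no match: leave the request untouched instead of sending "None"
    if location == "header":
        req["headers"][name] = token
    elif location == "url":
        parts = urlsplit(req["url"])
        query = urlencode(_set_pair(parse_qsl(parts.query, keep_blank_values=True), name, token))
        req["url"] = urlunsplit(parts._replace(query=query))
    elif location == "body":
        req["body"] = urlencode(_set_pair(parse_qsl(req["body"], keep_blank_values=True), name, token))
    elif location == "cookie":
        cookies = [c.strip().split("=", 1) for c in req["headers"].get("Cookie", "").split(";") if "=" in c]
        req["headers"]["Cookie"] = "; ".join(f"{k}={v}" for k, v in _set_pair(cookies, name, token))
    else:
        raise ValueError(f"unsupported location: {location}")
    return req
```

A RegEx without a capture group, or one that silently stops matching after an application change, is the usual failure here, which is why the miss case returns the request unchanged.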
Author: Dan Negrea @sec3ty
Last updated: 15 March 2022
You can install BApps directly within Burp, via the BApp Store feature in the Burp Extender tool. You can also download them from here, for offline installation into Burp.
You can view the source code for this BApp by visiting our GitHub page.
Please note that extensions are written by third party users of Burp, and PortSwigger Web Security makes no warranty about their quality or usefulness for any particular purpose.