```java
if (requestResponse.hasResponse() && requestResponse.request().url().contains("/irsdl")) {
    var respBody = requestResponse.response().bodyToString();
    respBody = respBody.replaceAll("test|foobar", "example");
    return requestResponse.response().withBody(respBody);
} else {
    return requestResponse.response();
}
```
```java
// @irsdl
// === Config: set what you want to match ===
final String TARGET_HOST = "oauth.example.io"; // target domain
final String PATH_PREFIX = "/auth/realms/onba/openid-connect/token"; // match exact or any child path
final short STATUS_CODE = 200; // match the status code where the response has access_token
// Build a ProxyHistoryFilter that only matches completed host+path hits
burp.api.montoya.proxy.ProxyHistoryFilter filter = new burp.api.montoya.proxy.ProxyHistoryFilter() {
    @Override
    public boolean matches(burp.api.montoya.proxy.ProxyHttpRequestResponse rr) {
```
```java
// ============================================================================
// Repeater Action: Pull tokens/values from Proxy History & Apply to THIS item
// ----------------------------------------------------------------------------
// WHAT IT DOES
// 1) Scans Proxy history (most recent first) for an entry that matches your filters.
// 2) Extracts values (Cookie header, form params, etc.) via regex extractors.
// 3) Applies the extracted values to the CURRENT Repeater request (requestResponse).
//
// HOW TO USE / EDIT (TL;DR)
// - Set filters in CONFIG (host/path/method/status/in-scope/highlight). Blank = ignored.
```