login

Burp Suite, the leading toolkit for web application security testing

PortSwigger Web Security Blog

Saturday, 8 November 2008

[MoBP] Tabbed repeating

Now that every browser has jumped on the tabs bandwaggon, it was about time that Burp caught up.

Burp Repeater was always intended to be a very simple tool for performing manual attacks, providing the facility to reissue a single request over and over, manually editing its contents, and keeping a history of the requests made and responses received. And in most situations, this is all that a skilled hacker needs to fine-tune a manual attack.

Occasionally, however, being restricted to a single request window and history is an annoying limitation. Sometimes, your attack involves more than one step, and you need to issue multiple manual requests in sequence. Other times, you need to submit a payload in one request, then issue a different request to establish its impact. Trying to manage two manual requests in the same repeater window, constantly clicking backwards and forwards through the history, is a real pain.

Enter tabbed repeating. In the new version, when you send a request to Repeater from another tool, that request gets its own tab. Each tab has its own request and response windows, and its own history. You can rename tabs to help you keep track of what is where. And you can manually add new tabs or delete old ones, as required. Other than the tabs, Repeater is unchanged:

3 comments:

Wyatt said...

Will you be able to reorder tabs?

PortSwigger said...

Ha, I didn't include that yet. Would it be useful? Maybe I'll add it if time permits.

Ron said...

I agree that re-ordering tabs would be useful. I'm pretty obsessive about what order I have stuff in, having tabs backwards would drive me nuts. :)

Blog Archive


User Forum

Get help from other users, at the Burp Suite User Forum:

Visit the forum ›

Copyright 2014 PortSwigger Ltd. All rights reserved.