Looking for our research? We've moved it to a dedicated page

[MoBP] Tabbed repeating

Dafydd Stuttard | 08 November 2008 at 10:13 UTC
MoBP burp

Now that every browser has jumped on the tabs bandwaggon, it was about time that Burp caught up.

Burp Repeater was always intended to be a very simple tool for performing manual attacks, providing the facility to reissue a single request over and over, manually editing its contents, and keeping a history of the requests made and responses received. And in most situations, this is all that a skilled hacker needs to fine-tune a manual attack.

Occasionally, however, being restricted to a single request window and history is an annoying limitation. Sometimes, your attack involves more than one step, and you need to issue multiple manual requests in sequence. Other times, you need to submit a payload in one request, then issue a different request to establish its impact. Trying to manage two manual requests in the same repeater window, constantly clicking backwards and forwards through the history, is a real pain.

Enter tabbed repeating. In the new version, when you send a request to Repeater from another tool, that request gets its own tab. Each tab has its own request and response windows, and its own history. You can rename tabs to help you keep track of what is where. And you can manually add new tabs or delete old ones, as required. Other than the tabs, Repeater is unchanged: