**Note: The content in this article is only for educational purposes and understanding of cybersecurity concepts. It should enable people and organizations to have a better grip on threats and know how to protect themselves against them. Please use this information responsibly.**
Configuring Request and Response Interception Rules:
To configure rules for intercepting requests and responses, follow these steps:
Add a Rule: Click “Add” to open the “Add request interception rule” dialog.
Specify Rule Details:
- Boolean Operator: Choose either “AND” or “OR” to combine this rule with the previous one.
- Match Type: Select the attribute to match, such as domain name, IP address, or protocol.
- Match Relationship: Choose either “Matches” or “Does not match”.
- Match Condition: Enter the value for matching, using regular expressions if needed.
Create the Rule: Click “OK” to create the rule.
Burp will apply the enabled rules to determine if a message should be intercepted. Rules are combined in order using the selected boolean operator. Use the checkboxes to activate or deactivate rules and the “Edit” and “Remove” buttons to modify or delete them. You can also reorder rules using the “Up” and “Down” buttons.
Interception Modification
These settings help prevent invalid requests and responses when modifying intercepted messages:
Automatically update Content-Length header: Enable this to ensure the Content-Length header is updated with the correct length of the HTTP body when edited. This is crucial when the body is modified.
Automatically fix missing or extra new lines at the end of requests: Enable this to correct common mistakes in the interception view:
- Burp adds a blank line after the headers if one is missing.
- Burp removes any extra newline characters at the end of a body with URL-encoded parameters.
Interception for Web Sockets
These settings tell Burp which WebSocket messages to keep so that you can read and change them in the Intercept tab:
- Intercept client-to-server messages.
- Intercept server-to-client messages.
- Only intercept in-scope messages: Enable this to intercept only WebSocket messages where the upgrade request falls within the project’s target scope. Disable it to intercept all WebSocket messages, regardless of scope.
Response Modification
These settings determine whether Burp automatically modifies the HTML in application responses:
To remove client-side data controls:
- Unhide hidden form fields. Optionally, select “Prominently highlight unhidden fields” for easy identification.
- Enable disabled form fields.
- Remove input field length limits.
- Remove JavaScript form validation.
To disable client-side logic for testing:
- Remove all JavaScript.
- Remove <object> tags.
To perform sslstrip-like attacks on a victim user whose traffic is being proxied through Burp, use these settings together with the listener’s “Force use of TLS” setting to effectively remove TLS from the user’s connection:
- Convert HTTPS links to HTTP.
- Remove the secure flag from cookies.
HTTP and Websocket match and replace rules
The HTTP and WebSocket match and replace rules settings automatically modify parts of messages as they pass through the Proxy. These rules include various predefined options that can be enabled to assist with common tasks, though they are disabled by default.
To apply match and replace rules only to items within the project scope, select “Only apply to in-scope items.” For more information on setting a scope for your work, refer to “Scope settings – Target scope.”
Adding a Match and Replace Rule
To access the Add Match/Replace Rule dialog, click on the “Add” button.
Give specifics on the rule:
Type: Select which part of an HTTP message the rule applies to (e.g., Request header or Response body).
Direction: Define the direction of WebSocket messages (Client-Server, Server-Client, or even Both Directions).
Match: Enter the literal string or regex pattern to match. If this is left blank for an HTTP rule with the Request header or Response header type, the replacement string is added as a new header.
Replace: Enter the string to replace the matched content. If left blank for an HTTP rule with the Request header or Response header type, any matching header is removed.
Comment: You can optionally include a rule description.
Choose Regex match if you want Burp to treat the match value as a regular expression.
Click OK. The new rule is automatically enabled.
Burp processes the enabled match and replace rules sequentially for each message, making any applicable replacements. You can also edit or remove rules, and reorder them using the Up and Down buttons.
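To make the rule semantics above concrete, here is an added example (not Burp’s own code) that models the documented behaviour of request-side match and replace rules: rules run in order, a blank Match on a header rule adds the Replace value as a new header, a blank Replace on a header rule removes every matching header, and the Regex flag switches between literal and regex matching. It then recomputes Content-Length the way the “Automatically update Content-Length header” option does. The `Rule` class, the `request_header`/`request_body` type names and the sample request are assumptions constructed for this illustration.

```python
import re
from dataclasses import dataclass

# Constructed sample request; the host and credentials are not real.
SAMPLE_REQUEST = (
    "POST /login HTTP/1.1\r\n"
    "Host: example.test\r\n"
    "User-Agent: Mozilla/5.0\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "Content-Length: 27\r\n"
    "\r\n"
    "user=alice&password=hunter2"
)

@dataclass
class Rule:
    rule_type: str        # hypothetical names: "request_header" or "request_body"
    match: str            # blank on a header rule => add `replace` as a new header
    replace: str          # blank on a header rule => remove every matching header
    regex: bool = False   # Burp's "Regex match" checkbox

def _matches(rule: Rule, text: str) -> bool:
    return bool(re.search(rule.match, text)) if rule.regex else rule.match in text

def _sub(rule: Rule, text: str) -> str:
    return re.sub(rule.match, rule.replace, text) if rule.regex else text.replace(rule.match, rule.replace)

def apply_rules(request: str, rules: list[Rule]) -> str:
    head, _, body = request.partition("\r\n\r\n")
    lines = head.split("\r\n")
    start_line, headers = lines[0], lines[1:]
    for rule in rules:                       # rules are applied sequentially
        if rule.rule_type == "request_header":
            if rule.match == "":
                headers.append(rule.replace)  # blank Match: add a new header
            elif rule.replace == "":
                headers = [h for h in headers if not _matches(rule, h)]  # blank Replace: drop header
            else:
                headers = [_sub(rule, h) for h in headers]
        elif rule.rule_type == "request_body" and rule.match:
            body = _sub(rule, body)
    # Mimic "Automatically update Content-Length header" after the body changed.
    if body or any(h.lower().startswith("content-length:") for h in headers):
        headers = [h for h in headers if not h.lower().startswith("content-length:")]
        headers.append(f"Content-Length: {len(body.encode())}")
    return "\r\n".join([start_line, *headers]) + "\r\n\r\n" + body

# Constructed rule set exercising each documented case.
RULES = [
    Rule("request_header", "", "X-Test-Harness: added-by-rule"),          # add header
    Rule("request_header", r"^User-Agent:.*$", "", regex=True),           # remove header
    Rule("request_header", r"^Host: .*", "Host: staging.example.test", regex=True),
    Rule("request_body", "user=alice", "user=bob"),                       # body edit, length changes
]
```

Running `apply_rules(SAMPLE_REQUEST, RULES)` yields a request with the User-Agent header removed, the new header appended, the Host rewritten, and a single Content-Length header of 25 matching the edited body.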