
Scan Sequence

Open Hipapheralkus opened this issue 6 years ago • 5 comments

This extension is awesome for manual testing:) Would it be possible to implement "Scan Sequence"? So that Active Scan could transparently scan from the 1st request (with automatic insertion points) and bubble all the way transparently until the last request (which would be shown to the Scanner engine). I know using post-request macros, it could be possible, but not in all cases (especially when URL or HTTP Header is changing). My use-case:

Request 1:

POST /api/v1/CreateNew HTTP/1.1

{"comment":"Just a test", "name":"Johnny"}

Response 1:

HTTP/1.1 201 Created

{"Identifier":"123456789"}

Request 2 (note the change in URL, to use parsed value from the last response):

GET /api/v1/GetByID/123456789

Response 2:

HTTP/1.1 200 OK

{"comment":"Just a test", "name":"Johnny", "status":"New", "id":"123456789"}

It is very easy to manually test this use-case using Stepper as I can parse response, and change the value of the last Request URL, however routing everything through the Scan engine would be awesome:)

Hipapheralkus, Dec 10 '19 13:12

This is something that is doable, however it might result in unintended consequences. If everything is passed to active scan, a request sent by active scan (before Stepper has sent its next request) may break the flow of the sequence, e.g. an active scan request results in the session being logged out, or some other request that interferes with the intended sequence.

Would a passive scan of each of the responses still be suitable for your use-case?

CoreyD97, Dec 23 '19 16:12

Hey, sorry for the delay in getting to this request. I've just implemented the ability to trigger a sequence before a request is executed and thought I might be able to do something similar with executing a sequence after a request also. However, I don't believe this would solve your problem, as active-scan would not analyse the response of request 2 :(

CoreyD97, Jul 02 '20 10:07

I would like to see a feature as well that makes Stepper a macro extension, meaning allowing it to send requests before and after a certain Active Scanned request. I don't know the macro extension Burp API enough to give specific ideas, but I think if Stepper achieves active scanning of a request in the middle, this could be very helpful.

floyd-fuh, Jul 08 '20 15:07

@CoreyD97 to make Stepper work with the scanner would it be possible to do the following in processHttpMessage:

  1. Retrieve the request generated by the scanner from the IHttpRequestResponse param and replace the first step in a Stepper sequence with it (or maybe just add it to the start of a sequence).
  2. Execute the complete sequence.
  3. Update the IHttpRequestResponse with the request & response of the last message in the sequence.

tomdottom, Dec 28 '21 17:12
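A sketch of the three steps proposed above, hard-coded to the two-request flow from the opening post and written against the legacy Burp Extender API. This is an added example, not Stepper's code and not part of the thread; the extension name, the `Identifier` regex and the header handling are assumptions, and it replaces only the response the scanner sees.

```java
package burp;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added sketch, not Stepper code: runs request 2 behind every scanned request 1.
public class BurpExtender implements IBurpExtender, IHttpListener {
    // Assumed pattern, taken from the sample body {"Identifier":"123456789"}.
    private static final Pattern ID = Pattern.compile("\"Identifier\"\\s*:\\s*\"([^\"]+)\"");
    private IBurpExtenderCallbacks callbacks;
    private IExtensionHelpers helpers;

    @Override
    public void registerExtenderCallbacks(IBurpExtenderCallbacks callbacks) {
        this.callbacks = callbacks;
        this.helpers = callbacks.getHelpers();
        callbacks.setExtensionName("Scan sequence sketch"); // hypothetical name
        callbacks.registerHttpListener(this);
    }

    @Override
    public void processHttpMessage(int toolFlag, boolean messageIsRequest,
                                   IHttpRequestResponse messageInfo) {
        // Act only on scanner traffic, once response 1 has arrived. Requests sent
        // below are reported as TOOL_EXTENDER, so this handler does not re-enter.
        if (toolFlag != IBurpExtenderCallbacks.TOOL_SCANNER || messageIsRequest) return;
        IRequestInfo req = helpers.analyzeRequest(messageInfo);
        if (!req.getUrl().getPath().endsWith("/api/v1/CreateNew")) return;
        byte[] resp = messageInfo.getResponse();
        if (resp == null) return;
        int bodyOffset = helpers.analyzeResponse(resp).getBodyOffset();
        String body = helpers.bytesToString(Arrays.copyOfRange(resp, bodyOffset, resp.length));
        Matcher m = ID.matcher(body);
        if (!m.find()) return; // step 1 produced no identifier: scanner keeps response 1

        // Build request 2 from the scanner request's headers (cookies, auth) minus body headers.
        List<String> headers = new ArrayList<>(req.getHeaders());
        headers.set(0, "GET /api/v1/GetByID/" + helpers.urlEncode(m.group(1)) + " HTTP/1.1");
        headers.removeIf(h -> h.toLowerCase().startsWith("content-"));
        // No state is shared between calls, so concurrent scanner threads each run their own chain.
        IHttpRequestResponse last = callbacks.makeHttpRequest(
                messageInfo.getHttpService(), helpers.buildHttpMessage(headers, null));
        // Hand the final response of the chain to the scanner in place of response 1.
        if (last.getResponse() != null) messageInfo.setResponse(last.getResponse());
    }
}
```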

@tomdottom

That's a good idea, and will likely be a good solution here. Unfortunately, a lot of the current issues need quite a big rewrite of the extension's core functionality to allow multiple instances of the same sequence to be executed concurrently. Once that is complete, I'll implement this as you've suggested and update this ticket with a release to try. Unfortunately, I can't give any time frame for this, as I've been quite busy for a while!

CoreyD97, Apr 08 '22 08:04