Security Advisories

Trustwave Press Releases

« Using Mobile Applications for attacking Web Applications | Main | Smart Phone + Mail Server = Location Tracking »

27 September 2012


Blubbfiction & Trevor: You are right, I was not aware that Burp's macros could do this when I started working on this extension. The main advantage to the approach I'm taking is ease of use and less setup work -- you will not need to keep rules, you just select one or more anti-CSRF parameters from a source URL, and their values will be properly populated when used together with Intruder.

If Burp Extender offered a way to interface with the macro functionality, then I would probably turn this into an easier interface for the current implementation. At least we will have a nice description on how to extend Burp using the Extender, or so I hope. :)

Blubbfiction is right, this can all be done with session handling rules and macros. What added benefit does your tool provide?

What is the advantage to burps session handling rules?

Go way, use "recursive grep".

Fantastish. I love it, well done guys. keep it up

damn grt.. keep it up.. :)

Good stuff, burp should integrate antixsrf on intruder by default.

Verify your Comment

Previewing your Comment

This is only a preview. Your comment has not yet been posted.

Your comment could not be posted. Error type:
Your comment has been posted. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.


Post a comment