Skip to content

Burp Plugin - Conditional Match and Replace (CMAR)

License

Notifications You must be signed in to change notification settings

PortSwigger/conditional-match-and-replace

 
 

Repository files navigation

Conditional Match and Replace (CMAR)

An extension allowing you to create match and replace operations that execute only when a condition is matched (or not matched). The condition can be matched against the request Header/Body/All, or the response Header/Body/All. If the condition is matched, you can apply a match and replace rule against the specified area. You can create a condition that matches a request, then performs a match and replace in the response.

CMARs work in a chain, updating the request/response then moving to the next rule. If you have a CMAR that changes a request, and the subsequent rule matches a condition that was only present before the match and replace, it will not fire.

Conditions support regex and literal matching, as does the match and replace function.

Extension uses:

  • Changing caching on some files
  • Adding request headers (such as Authorization) to only some requests
  • Alter a common string in the response for only some pages/targets.
  • Change the target host or port a request is sent to

Screenshots:

Screenshot1 test

Building

gradle build outputs the jar into build/libs/cmar.jar.

Dependencies

CMAR only has one dependency, for the Burp Extender API (version 2.3), which all Burp Apps require. This is available in a Maven repository and should be fetched automatically if you use gradle to build. The hash for this jar is verified in newer versions of gradle.

TODO/bugs

Missing Features:

  • allow multiple conditions for a match
  • regex for target port during replace

Tests

Tests can be run by setting runTests = true in the BurpExtender.java file. Leave this disabled normally.

About

Burp Plugin - Conditional Match and Replace (CMAR)

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Java 99.0%
  • HTML 1.0%