Awesome
Conditional Match and Replace (CMAR)
An extension allowing you to create match and replace operations that execute only when a condition is matched (or not matched). The condition can be matched against the request Header/Body/All, or the response Header/Body/All. If the condition is matched, you can apply a match and replace rule against the specified area. You can create a condition that matches a request, then performs a match and replace in the response.
CMARs work in a chain, updating the request/response then moving to the next rule. If you have a CMAR that changes a request, and the subsequent rule matches a condition that was only present before the match and replace, it will not fire.
Conditions support regex and literal matching, as does the match and replace function.
Extension uses:
- Changing caching on some files
- Adding request headers (such as Authorization) to only some requests
- Alter a common string in the response for only some pages/targets.
- Change the target host or port a request is sent to
Screenshots:
Building
gradle build
outputs the jar into build/libs/cmar.jar.
Dependencies
CMAR only has one dependency, for the Burp Extender API (version 2.3), which all Burp Apps require. This is available in a Maven repository and should be fetched automatically if you use gradle to build. The hash for this jar is verified in newer versions of gradle.
TODO/bugs
Missing Features:
- allow multiple conditions for a match
- regex for target port during replace
Tests
Tests can be run by setting runTests = true
in the BurpExtender.java file. Leave this disabled normally.