This is a template for a Burp extension that can be used as session handling macro action. It pulls an identifier (here: last part of location header from redirection response) from the first macro response and puts it in the given place of the current request (here: last URL path component). Adapt as needed at the places marked with "CONFIG" co…
from burp import (IBurpExtender, ISessionHandlingAction)
import re
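class BurpExtender(IBurpExtender, ISessionHandlingAction):
    """Burp session handling action that refreshes a numeric path parameter.

    The action reads the response of the first macro item, extracts an
    identifier with ``reFindID`` and writes it into the request line of the
    current request at the position described by ``reReplaceID``. Both
    patterns are marked CONFIG and are meant to be adapted per target.
    """

    def registerExtenderCallbacks(self, callbacks):
        """Keep Burp's callback/helper objects, compile the patterns and register the action."""
        self.callbacks = callbacks
        self.helpers = callbacks.getHelpers()
        callbacks.setExtensionName("Path Parameter Session Handling Action")
        self.out = callbacks.getStdout()
        # CONFIG: this RE matches the identifier from the first macro response.
        # Header names are case-insensitive, hence IGNORECASE. The search runs
        # over the whole response text, so a body line that starts with
        # "Location:" would match as well.
        self.reFindID = re.compile(r"^Location:.*/(\d+)", re.MULTILINE | re.IGNORECASE)
        # CONFIG: this RE matches the part to replace with prefix as capture
        # group 1 and suffix in capture group 2. The method alternation is
        # wrapped in a non-capturing group; written as (GET|POST\s+.*/) the GET
        # branch would stop right after the method and never reach the path.
        self.reReplaceID = re.compile(r"^((?:GET|POST)\s+.*/)\d+(\s+HTTP/)")
        # Without registration the action is never offered in the session
        # handling rule editor.
        callbacks.registerSessionHandlingAction(self)

    def log(self, msg):
        """Write one line to the extension's stdout stream."""
        self.out.write(msg + "\n")

    ### ISessionHandlingAction ###
    def getActionName(self):
        """Return the name under which Burp lists this action."""
        return "Replace Path Parameter"

    def performAction(self, currentRequest, macroItems):
        """Replace the path identifier in ``currentRequest`` with the one from the macro.

        Args:
            currentRequest: request/response object of the request being issued;
                its request bytes are rewritten in place on success.
            macroItems: request/response objects of the macro that ran before
                this action, or None when no macro was configured.

        Every failure path logs a message and leaves the request untouched.
        """
        if macroItems is None or len(macroItems) == 0:
            self.log("No macro response found!")
            return

        rawResponse = macroItems[0].getResponse()
        if rawResponse is None:
            # The macro request was sent but produced no response.
            self.log("No macro response found!")
            return

        mResponse = self.helpers.bytesToString(rawResponse)
        # Full-response logging stays disabled: responses can carry session
        # tokens that should not end up in the extension output.
        #self.log("Processing response:\n" + mResponse)
        match = self.reFindID.search(mResponse)
        if not match:
            self.log("No identifier found!")
            return

        identifier = match.group(1)
        self.log("Found identifier: " + identifier)
        request = self.helpers.bytesToString(currentRequest.getRequest())
        # A callable replacement inserts the identifier literally, so it stays
        # correct if the CONFIG pattern is later changed to capture values that
        # contain backslashes or other template syntax.
        result, replaced = self.reReplaceID.subn(
            lambda m: m.group(1) + identifier + m.group(2), request
        )
        if replaced == 0:
            self.log("Request line did not match the replacement pattern; request left unchanged.")
            return

        # Write the rewritten request back; the substitution result alone has
        # no effect on what Burp sends.
        currentRequest.setRequest(self.helpers.stringToBytes(result))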