Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/CyberCX-STA/cmar

Burp Plugin - Conditional Match and Replace (CMAR)
https://github.com/CyberCX-STA/cmar

Last synced: 24 days ago
JSON representation

Burp Plugin - Conditional Match and Replace (CMAR)

Host: GitHub
URL: https://github.com/CyberCX-STA/cmar
Owner: CyberCX-STA
License: mit
Created: 2023-04-20T02:15:08.000Z (over 1 year ago)
Default Branch: master
Last Pushed: 2023-04-27T20:48:35.000Z (over 1 year ago)
Last Synced: 2024-08-04T00:04:34.058Z (4 months ago)
Language: Java
Size: 299 KB
Stars: 1
Watchers: 6
Forks: 2
Open Issues: 3
Metadata Files:
- Readme: README.md
- License: LICENSE.txt

Awesome Lists containing this project

awesome-burp-extensions - Conditional Match and Replace (CMAR) - An extension allowing you to create match and replace operations that execute only when a condition is matched (or not matched). The condition can be matched against the request Header/Body/All, or the response Header/Body/All. If the condition is matched, you can apply a match and replace rule against the specified area. You can create a condition that matches a request, then performs a match and replace in the response. (Custom Features)

README

Conditional Match and Replace (CMAR)

An extension allowing you to create match and replace operations that execute only when a condition is matched (or not matched). The condition can be matched against the request Header/Body/All, or the response Header/Body/All. If the condition is matched, you can apply a match and replace rule against the specified area. You can create a condition that matches a request, then performs a match and replace in the response.

CMARs work in a chain, updating the request/response then moving to the next rule. *If you have a CMAR that changes a request, and the subsequent rule matches a condition that was only present before the match and replace, it will not fire.*

Conditions support regex and literal matching, as does the match and replace function.

### Extension uses:
* Changing caching on some files
* Adding request headers (such as Authorization) to only some requests
* Alter a common string in the response for only some pages/targets.
* Change the target host or port a request is sent to

### Screenshots:
![Screenshot1](cmar1.png)
![test](cmar2.png)

### Building

`gradle build` outputs the jar into build/libs/cmar.jar.

### Dependencies

CMAR only has one dependency, for the Burp Extender API (version 2.3), which all Burp Apps require. This is available [in a Maven repository](https://mvnrepository.com/artifact/net.portswigger.burp.extender/burp-extender-api/2.3) and should be fetched automatically if you use gradle to build. The hash for this jar is verified in newer versions of gradle.

### TODO/bugs

### Missing Features:
* allow multiple conditions for a match
* regex for target port during replace

### Tests

Tests can be run by setting `runTests = true` in the BurpExtender.java file. Leave this disabled normally.