Logo

Post history

Sending traffic to BurpSuite

10 May 2020 - cr0hn


In the previous post post we talked about how to store navigation traffic in a session file. Now we’ll use this file to send it to a proxy, like BurpSuite or OWASP ZAP Proxy

As part of APICheck tool set there’s available the Send-to-proxy tool. This tool reads from stdin and sends each APICheck Data Objects to a proxy.

We’ll use the session file that we generated in previous post to send it to BurpSuite:

First we check the BurpSuite listen port:

BurpSuite Config

Second, we’ll install the send-to-proxy tool:

acp install send-to-proxy

Then, we send the session to the proxy:

$ cat sessions.data | send-to-proxy http://127.0.0.1:9000
[*] Request sent: 'https://cr0hn.com:443/'
[*] Request sent: 'https://cr0hn.com:443/wp-includes/css/dist/block-library/style.min.css'
[*] Request sent: 'https://cr0hn.com:443/wp-includes/css/dist/block-library/theme.min.css'
[*] Request sent: 'https://cr0hn.com:443/wp-content/plugins/card-elements-for-elementor/assets/css/common-card-style.css'
[*] Request sent: 'https://cr0hn.com:443/wp-content/plugins/card-elements-for-elementor/assets/css/testimonial-card-style.css'
...

Now we check that all the requests were received by the proxy:

BurpSuite received data