You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
An extension allowing you to create match and replace operations that execute only when a condition is matched (or not matched). The condition can be matched against the request Header/Body/All, or the response Header/Body/All. If the condition is matched, you can apply a match and replace rule against the specified area. You can create a condition that matches a request, then performs a match and replace in the response.
CMARs work in a chain, updating the request/response then moving to the next rule. If you have a CMAR that changes a request, and the subsequent rule matches a condition that was only present before the match and replace, it will not fire.
Conditions support regex and literal matching, as does the match and replace function.
Extension uses:
Changing caching on some files
Adding request headers (such as Authorization) to only some requests
Alter a common string in the response for only some pages/targets.
Change the target host or port a request is sent to
Screenshots:
Building
gradle build outputs the jar into build/libs/cmar.jar.
Dependencies
CMAR only has one dependency, for the Burp Extender API (version 2.3), which all Burp Apps require. This is available in a Maven repository and should be fetched automatically if you use gradle to build. The hash for this jar is verified in newer versions of gradle.
TODO/bugs
Missing Features:
allow multiple conditions for a match
regex for target port during replace
Tests
Tests can be run by setting runTests = true in the BurpExtender.java file. Leave this disabled normally.
About
Burp Plugin - Conditional Match and Replace (CMAR)
