Simple python script to make multiple raw requests from Burp

* Open your Burp.
* Copy requests from Repeater.
* Store them in txt files. One request per file.
* Edit/Set auth cookies inside script.
* Run

python call_burp_requests.py

Download
https://gist.github.com/maldevel/a19cc1a959023f40518c48a95448c3b9

import requests
import os 
 
proxies = {
  'http': 'http://127.0.0.1:8080',
  'https': 'http://127.0.0.1:8080',
}
 
protocol = 'https'
xsrf = 'xsrf-token'
auth_cookie = 'sessionid=blah-blah-blah'
dir_requests = '/path/to/requests'
 
headers = {}
method = ''
uri = ''
post_data = ''
 
for ff in os.listdir(dir_requests):
    if ff.endswith(".txt"):
        print '\n\n----------\nProcessing file {}\n'.format(ff)
 
        with open(ff) as f:
            index = 0
 
            for line in f:                
                if index == 0:
                    first_line = line
                    if ' ' not in first_line:
                        raise Exception('You had one job!')
 
                    first_line = first_line.split(' ')
                    method = first_line[0].lower() #GET POST etc
                    uri = first_line[1]
                index = 1
 
                if ':' in line:
                    words = line.split(':', 1)
                    headers[words[0].strip()] = words[1].strip()
 
                if line.strip() == '':
                    post_data = f.next()
 
        url = '{}://{}{}'.format(protocol, headers['Host'], uri)
        headers['Cookie'] = auth_cookie
        headers['X-XSRF-TOKEN'] = xsrf 
 
        r = getattr(requests, method)(url, proxies=proxies, verify=False, headers=headers, data=post_data)
 
        print 'HTTP/1.1 {} {}'.format(r.status_code, requests.status_codes._codes[r.status_code][0].upper())
 
        for header, value in r.headers.iteritems():
            print '%s: %s' % (header, value)
 
        print ''
print r.content

Get Request Sample

GET /path/to/web/resource HTTP/1.1
Host: example.com
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:48.0) Gecko/20100101 Firefox/48.0
Accept: text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-XSRF-TOKEN: 
Referer: http://example.com/
Cookie: 
Connection: close
Cache-Control: max-age=0

Post Request Sample

POST /path/to/web/resource HTTP/1.1
Host: example.com
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:48.0) Gecko/20100101 Firefox/48.0
Accept: text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
X-XSRF-TOKEN: 
Referer: http://example.com/
Cookie: 
Connection: close
Content-Length: 25
 
mydata1=blah&mydata2=blah
Categories: Burp, Python Tags: , , ,
%d bloggers like this: