There’s a BApp for that: AutoRepeater
Aug 13, 2024
AutoRepeater
Automated HTTP request repeating for Burp Suite. Useful for finding IDOR, XXE, access-control issues and more.
Installation
Extensions > BApp Store > Auto Repeater > Select “Install”
Usage
Navigate to the “AutoRepeater” Tab
Add “Base Replacements” (match-and-replace rules that AutoRepeater applies to every request passing through the proxy):
Example 1: Privilege escalation (replaces every false with true)
Example 2: XXE (changes the content type from JSON to XML to see whether the site accepts the change, which points to potential XXE insertion points)
Example 3: Access control (testing by replacing UUIDs)
Example 4: Match and replace cookies (swap in a different account’s cookie to check for privilege escalation, forced browsing and more)
Enabling the tool: [screenshots of the AutoRepeater toggle in its off and on states]
Now just crawl the site as you normally would. For every request you send, the tool replays one modified copy per rule you set and lists the results next to the original so you can compare them:
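To make the workflow above concrete without the GUI, here is an added Python example (not AutoRepeater’s own code, and not from the post’s author) that models the four Base Replacements as simple regex rules, replays each one as a separate copy of a constructed request, and reduces responses to a (status, body length) signature for side-by-side comparison. The rule scopes (`body`, `header`, `path`, `cookie`) are a simplified model and are not AutoRepeater’s own replacement-type names; the request, session values and UUIDs are constructed.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed sample request; the host, UUID and cookie value are placeholders.
BASE_REQUEST = (
    "POST /api/users/3f2504e0-4f89-11d3-9a0c-0305e82c3301/profile HTTP/1.1\r\n"
    "Host: example.invalid\r\n"
    "Content-Type: application/json\r\n"
    "Cookie: session=USER_A_SESSION\r\n"
    "\r\n"
    '{"isAdmin": false, "notify": false}'
)

UUID_RE = r"[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}"


@dataclass
class Rule:
    name: str      # label shown next to the replayed request
    scope: str     # "body", "header", "path" or "cookie" (simplified model, assumed here)
    match: str     # regex applied inside that scope
    replace: str   # replacement text


# The four Base Replacements from the post, expressed as rules.
RULES = [
    Rule("privilege escalation", "body", r"\bfalse\b", "true"),
    Rule("XXE content-type", "header",
         r"^Content-Type: application/json$", "Content-Type: application/xml"),
    Rule("access control (UUID swap)", "path",
         UUID_RE, "11111111-2222-4333-8444-555555555555"),  # constructed second user's id
    Rule("cookie swap (user B)", "cookie", r"session=[^;]+", "session=USER_B_SESSION"),
]


def split_request(raw: str) -> Tuple[str, List[str], str]:
    """Split a raw HTTP/1.1 request into request line, header lines and body."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    return lines[0], lines[1:], body


def join_request(first_line: str, headers: List[str], body: str) -> str:
    return "\r\n".join([first_line, *headers]) + "\r\n\r\n" + body


def apply_rule(raw: str, rule: Rule) -> str:
    """Return a copy of the request with one rule applied within its scope."""
    first_line, headers, body = split_request(raw)
    if rule.scope == "body":
        body = re.sub(rule.match, rule.replace, body)
    elif rule.scope == "path":
        first_line = re.sub(rule.match, rule.replace, first_line)
    elif rule.scope == "header":
        headers = [re.sub(rule.match, rule.replace, h) for h in headers]
    elif rule.scope == "cookie":
        headers = [re.sub(rule.match, rule.replace, h) if h.lower().startswith("cookie:") else h
                   for h in headers]
    else:
        raise ValueError(f"unknown scope: {rule.scope}")
    return join_request(first_line, headers, body)


def repeat(raw: str, rules: List[Rule]) -> List[Tuple[str, str]]:
    """Mimic the post's workflow: each rule yields its own modified request,
    so the effect of every change can be judged in isolation."""
    return [(rule.name, apply_rule(raw, rule)) for rule in rules]


def response_signature(raw_response: str) -> Tuple[int, int]:
    """Reduce a raw response to (status code, body length) for quick comparison.
    Identical signatures for the original and a cookie-swapped or UUID-swapped
    copy are what an access-control review looks for first."""
    head, _, body = raw_response.partition("\r\n\r\n")
    status = int(head.split("\r\n")[0].split(" ")[1])
    return status, len(body)


if __name__ == "__main__":
    for name, modified in repeat(BASE_REQUEST, RULES):
        print(f"--- {name} ---")
        print(modified)
```

The output is one modified request per rule, which is what the AutoRepeater tab shows after a crawl. The `response_signature` helper is where the review happens: a cookie-swapped request that returns the same status and body size as the original for a user-A resource is a candidate access-control finding to confirm manually, and an `application/xml` request that is accepted rather than rejected with a 415 tells you the parser path deserves a closer look.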