Example Usage
- Use a value from one HTTP message in a following HTTP message
- Redirect a request to a different server
- Change a value in a returned response
- Auto-respond to requests without first sending a request to an external server (response mocking)
- Drop a request so it is not sent to an external server (Works on all supported tools: Proxy, Repeater, Intruder, Scanner, Target, Extender (other extensions))
- Share or backup/restore Global Variables and Rules
Use a value from one HTTP message in a following HTTP message:
In the example below, we are taking the Authorization
header from www.example.org
requests, storing it in a variable, and setting it on www.example.com
requests.
- Open the
HTTP Rules
tab. - Create a Rule.
- Set the
Rule Name
toGet www.example.org Authorization
. - Add When ->
Event Direction
(if not already added). - Change
Event Direction
toRequest
. - Add When ->
Matches Text
. - Change
Message Value
toDestination Address
. - Set
Match Text
towww.example.org
. - Add Then ->
Set Variable
. - Change
Source Message Value
toRequest Header
. - Set
Source Identifier
toAuthorization
. - Set
Destination Variable Name
toexampleAuth
. - At the bottom right of the window, check
Enabled
and clickSave
. - Create another Rule.
- Set the
Rule Name
toSet www.example.com Authorization
. - Add When ->
Event Direction
(if not already added). - Change
Event Direction
toRequest
. - Add When ->
Matches Text
. - Change
Message Value
toDestination Address
. - Set
Match Text
towww.example.com
. - Add Then ->
Set Value
. - Set
Text
to{{global:exampleAuth}}
. - Change
Destination Message Value
toRequest Header
. - Set
Destination Identifier
toAuthorization
. - At the bottom right of the window, check
Enabled
and clickSave
.
Redirect a request to a different server:
In the example below, we are redirecting from www.example.org
to www.example.com
by setting the URL and using a message variable to make sure we keep the page path.
- Open the
HTTP Rules
tab. - Create or open a Rule.
- Set a
Rule Name
and add other Whens and Thens as needed. - Add When ->
Event Direction
(if not already added). - Change
Event Direction
toRequest
. - Add Then ->
Set Value
. - Set
Text
tohttps://www.example.com
. - Change
Destination Message Value
toURL
. - At the bottom right of the window, check
Enabled
and clickSave
.
Change a value in a returned response:
In the example below, we tell the browser to allow any origin by overriding the Access-Control-Allow-Origin
response header.
- Open the
HTTP Rules
tab. - Create or open a Rule.
- Set a
Rule Name
and add other Whens and Thens as needed. - Add When ->
Event Direction
(if not already added). - Change
Event Direction
toResponse
. - Add Then ->
Set Value
. - Set
Text
to*
. - Change
Destination Message Value
toRequest Header
. - Set
Destination Identifier
toAccess-Control-Allow-Origin
. - At the bottom right of the window, check
Enabled
and clickSave
.
Auto-respond to requests without first sending a request to an external server (response mocking):
- Open the
Global Variables
tab. - Add a new Variable.
- Set a
Variable Name
. We will usemockResponse
for this example. - Paste the full response text (including headers and body) in
Variable Text
. - Open the
HTTP Rules
tab. - Create or open a Rule.
- Set a
Rule Name
and add other Whens and Thens as needed. - Add When ->
Event Direction
(if not already added). - Change
Event Direction
toRequest
. - Add Then ->
Set Event Direction
. - Change
Event Direction
toResponse
. - Add Then ->
Set Value
. - Set
Text
to{{global:mockResponse}}
. - Change
Destination Message Value
toResponse Message
. - At the bottom right of the window, check
Enabled
and clickSave
.
Drop a request so that it is not sent to an external server:
The example of drop requests below works on all supported tools: Proxy, Repeater, Intruder, Scanner, Target, Extender (other extensions).
- Open the
Settings
tab. - Ensure the tool is selected under
Capture Traffic From:
- Open the
HTTP Rules
tab. - Create or open a Rule.
- Set a
Rule Name
and add other Whens and Thens as needed. - Add When ->
Event Direction
(if not already added). - Change
Event Direction
toRequest
. - (Optional) If requests are being received from multiple tools:
- Add When ->
From Tool
. - Set
Tool
to the tool the request will come from.
- Add When ->
- Add Then ->
Drop
. - Check
Drop Message
. - At the bottom right of the window, check
Enabled
and clickSave
.
Share or backup/restore Global Variables and Rules:
Export the relevant items:
- Open the
Global Variables
tab. - Ensure relevant all variables are checked as
Persistent
and saved. - Open the
Settings
tab. - In the
Export
section, clickRefresh Lists
. - Check the checkboxes next to the names of relevant Rules and Global Variables that you want to export. Uncheck any others.
- Click
Export Data
. - Choose a save location and name for the export data file.
Import the exported data file:
- Open the
Settings
tab. - (Optional) In the
Import
section, CheckOverride Duplicates
to overwrite any Rules or Global Variables that have the same name as those to be imported. - Click
Import Data
. - Navigate to the location of the export data file, select it, and click
Open
.