Burplay

Burplay is a Burp Extension allowing for replaying any number of requests using same modifications definition. Its main purpose is to aid in searching for Privilege Escalation issues.


Request List

Add requests to Burplay from Proxy -> HTTP History or Target -> Site map ->Contents table by choosing "Send to Replay" from the context menu.


Modifications

Define any number of modifications by adding them to the modifications table. They will be applied to the base requests ("Original" tab).
Four types of modifications are available:

For each modification, if no Header/Cookie/parameter exists in the base request, it will be added, otherwise modified.


Sessions

You can define a Burplay session in any Request/Response Editor within Burp by selecting text (typically "SESSIONID=sessionid") and choosing "Define Burplay session" from the context menu.


The session will be added to the Sessions table and can be applied as a modification with "Apply" button.
Only cookie-based session identifiers are currently supported.


Details

Details tabs on the right hand side show the original set of requests (base requests) and each replay round in numbered tabs. You can compare responses manually or use Burp Comparer.