Work flow of JScriptor

JScriptor can help users modify all requests before they go out of Burpsuite and all responses before it is returned to the user. That means, JScriptor can be used with all requests coming from Proxy, Repeater, Intruder, Scanner, ...

GUI Explain

• Table Log: Request and Response which is modified is shown here if save log checkbox is checked
• Remove Log button: remove all log in Table Log
• Run pre-script checkbox: run pre-script
• Run post-script checkbox: run post-script
• Variable Setting: add variable to Burp project
• Pure Javascript Library: add file javascript to run with pre-script or post-script
• Nodejs Library: select node_modules directory to use node modules in pre-script or post-script. Example: If node_modules in C:\Users\admin\test\node_modules, we will select directory: C\Users\admin\test

How to create your code

To be able to write code, you need to use Javascript and available objects to do what you want. The end of your code is a variable or an object. If the end of the code is a jsresult object with data of HTTPRequest / HTTPResponse, the request / response will be modified, otherwise, that variable / object will be printed in the extension's output section. Example: If end of code is jsresult with data is HTTPRequest, request will be modified. Modified request will be shown in output of extension.

jsresult.request= jsrequest.withHeader("Hash", "123");
jsresult;

If the end of the code is not jsresult with true data, value of it will be shown in output of extension

let a = 1;
a;

If the code is errored, the error will be shown in error tab of extension.

jsenv.a.a

If error is very long, you should save it to file and read it.