Initial When on Request but want to edit Response

[AkikoOrenji]

I'm trying to edit a server response to request 1 based a server response from request 2 being triggered using Send Request.
This is so when the burp scanner makes a request it actually sees the response from a request to another URL since that's where the payload or error messages messages end up.
I have the When Event Direction as Request, I use a send request to gather the real response i want and assign it to a variable, then and use Set Value to the Response Message but looking in logger or repeater i dont see the modification.
I've also tried using Run Rules with a separate rule where the When is set to Event Direction - Request however the logs say this isn't being triggered as the Event Direction is Request as per the original, and not per the new rule itself.

I suspect its not possible but it would be good if someone could confirm or suggest an alternative.

[ddwightx]

I have the When Event Direction as Request, I use a send request to gather the real response i want and assign it to a variable, then and use Set Value to the Response Message but looking in logger or repeater i dont see the modification.

If I'm understanding correctly, you're missing the Then Set Event Direction -> Response. This is similar to this example: https://synfron.github.io/ReshaperForBurp/Examples.html#tip4

[AkikoOrenji]

Thanks. I tried this but i get a 404 message in the response in repeater rather than what was supposed to be sent.

From logger if i send the repeater request (where the response was supposed to be modified after Set Event Direction) back to repeater i can see the Reshaper-ID header and the modified target which which is the loopback. It appears this loopback can't handle this reshaper request hence the 404.

Burp v2024.12.1 on Windows 10.

[ddwightx]

You will be unable to re-send the request to the loopback that was displayed in Logger. The loopback expires the response after use. The loopback does not generate 404s itself, so that must be coming from somewhere else. The loopback only ever sends the response it has mapped to Reshaper ID or closes the connection otherwise.

The 404 you are seeing is most likely the response from the Send Request. Logger should be showing the request and response for that with Extension as the Tool.

Do you have Event Diagnostics enabled in the Settings? If so, does the detail shown in the Logs tab make sense? You make need to add some Then Log actions in various places if the Event Diagnostics aren't detailed enough.

[AkikoOrenji]

Thanks for the help.
I've just noticed that according to the example document you sent it specifically says the example usage is 'Auto-respond to requests without first sending a request to an external server'

I guess this doesn't directly align with what I'm trying to accomplish so maybe that's part of the problem.

1. I need to send the original request to the server to store the payload. So this actually needs to go all the way through to the server rather than have Reshaper just mock a response.
2. Send request 2 to trigger an action on the server (that uses the payload delivered by the first request) and gather the server response.
3. Send back the server response from request 2 as the server response from request 1.

The rule is configured as per the below

If the above isn't actually possible we can probably leave it there but i did some further troubleshooting and i noticed the following error.

"Sanity Check - Warning: The request changed but the data direction is set to Response. Your changes may have no impact. Consider using 'When Data Direction' or 'Then Set Data Direction' to restrict or change the data direction."

I tried switching the order of Set Event Direction and Set Value which made no difference.
Just to prove that it worked at some level while the order was swapped i also changed Set value to Request message which ended up sending the server response from request 2 as the request body for the first request (though i expected that Set Event Direction > Response was below Set Value > Request this may work as i wanted it to)

Just to ensure it wasn't an upstream proxy or routing issue i actually changed burp to use a socks proxy via SSH tunnel taking it closer to the web server. When i did this the initial request fails with burp itself showing 'Malformed reply from SOCKS server'.
As soon as i remove Set Event Direction entirely from the rule or set is to Set Event Direction > Request this error goes away.
This leads me to think there is some sort of problem when using Set Event Direction > Response when using upstream proxies with Burp.
Is that a know issue ?

[ddwightx]

When Set Event Direction > Request is set, instead of the original request going to original target server, the request goes to a local server created by Reshaper that returns the canned response. Assuming you are using Burp's upstream proxy server settings, it could be that Burp is sending the request that is supposed to hit the local server to the proxy and the proxy is unable to connect to it.

I guess this doesn't directly align with what I'm trying to accomplish so maybe that's part of the problem.

1. I need to send the original request to the server to store the payload. So this actually needs to go all the way through to the server rather than have Reshaper just mock a response.
2. Send request 2 to trigger an action on the server (that uses the payload delivered by the first request) and gather the server response.
3. Send back the server response from request 2 as the server response from request 1.

Ah, thanks for the extra details. Those were important. You need to have this setup:

1. When Event Direction > Response
2. When Matches Text
3. Then Send Request
4. Then Set Value > Response Message

Note, it's the When Event Direction > Response that says that the rule should execute after the original request got a response.

[AkikoOrenji]

thanks. that sorted out what i was trying to accomplish.