How to Send both original and modified requests

[vikt0r101]

I want to send both the original and the modified request and then compare the results in the response, but I can't send 2 requests in handleRequestToBeSent(), in old APIs I can use callbacks.makeHttpRequest(), in new In the APIS, I haven't found a method yet. What should I do? Thanks.

[Hannah-PortSwigger]

Hi

The Montoya equivalent of callbacks.makeHttpRequest() is api.http().sendRequests().

You cannot use continueWith more than once, as you need to return a ProxyRequestToBeSentAction.

It sounds like the action you want to perform may be better off as a scan check, rather than done in the Proxy handler. AS you wish to make additional requests to the target site, this would be an active scan check.

[vikt0r101]

First of all, thank you for your advice. My idea is to send the original request and the modified request at the same time when I click on the page, and then compare the results in the response, so that I can achieve certain functions without doing other operations, so scan Maybe it doesn't quite meet my needs, thank you.

[Hannah-PortSwigger]

If you implemented this as an extension-generated scan check or as a BCheck and then had a live task running that ran either extension-generated scan checks or BCheck-generated checks, this would run automatically when you visit the page.

If you still felt that you needed to do this as part of the ProxyHandler, then you would need to send requests both to your target site and additional endpoint, compare the responses, and then still use continueWith to continue your traffic - resulting in a further request to your target site. Alternatively, you could drop the request instead of continuing. However, that would have an impact on your browsing.