So, thats how you can connect your application to the burp suite and can intercept the response of the services to manually test the application for different cases. Production_companies : map map map map map map ] Poster_path : /adw6Lq9FiC9zjYEpOqfq03ituwp.jpg Their concept catches on, with underground "fight clubs" forming in every town, until an eccentric gets in the way and ignites an out -of -control spiral toward oblivion. Overview :A ticking -time -bomb insomniac and a slippery soap salesman channel primal male aggression into a shocking new form of therapy. Response: map [adult : falseīackdrop_path : /mMZRKb3NVo5ZeSPEIaNW9buLWQ0.jpg belongs_to_collection : < nil > Once the application receives this response we just print it to the console and you could see that the name of the movie is now Fight Pub and the rating is 9.4 which is what we modified in the response. Then click the forward button again to forward the response to the golang app. Now, run the go application and you will see that the request is captured by the burp suite as follows:: When the request is capturedĪfter you see the above screen click on the Action button and click Do intercept with Response to this request:: Select intercept responseĪfter clicking the Forward button, burp suite will call the actual service and will open the editor where you can edit the response, this movie is "Flight Club" movie and I have changed the movie name to Fight Pub and rating from 8.4 to 9.4. Then start the interceptor:: Enable Intercept Let's now start the burp suite and configure the intercept rule to only run when the domain matches :: Add themoviedb domain to intercept criteria Then we do a normal GET request to the api which will get the details of the movie id 550. Decode ( & data )Īs you can see in the above code, we create an HTTP client with custom Transport set to proxy URL which is configured in the environment setting of the application, for burp suite the URL is The TLSClient config is configured to skip ssl certificate verification using InsecureSkipVerify:true. This is where Burp suites will help, Burp suites acts like a proxy that will call the actual service on behalf of you and then provides you with tools that can help to easily modify the response and send it back to your application.įor this post, I will be consuming API's to see details of "Fight Club" movie, and then I will write an application in golang which will connect to Burp Suite, there we modify the response using Burpsuite UI and print the modified response in the console which is received by our application. However, sometimes when we do manual testing and we want a way to mock the service response we need some mechanism to intercept the service response and modify the response. Normally, we do write an integration test where we mock the service response using wiremock and then write the test for such edge cases. Recently, I came across the same situation where I was looking for a way to change the response of the service that I was consuming and instead of mocking the entire service using a tool like Postman or wire mock, I wanted to hit the actual service and then change a few fields to see if my error handling works as per the expectations. Have you ever come across a scenario where you want your code to call a dependent service however need to change the response so that you can test how different your code will behave to different data?
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |