While on an assessment for a client, I needed a way to intercept certain HTTP API calls and dynamically generate a response while allowing other calls to go through to the real application’s servers. I came across an extension for Burp Suite that allowed the user to select specific API calls to intercept and reply with static content, but I needed the ability to dynamically generate responses, so I added that functionality to the extension and published my changes. The extension now supports redirecting any HTTP request to any other URL, replying to the call based on the contents of a file, or generating a response either by piping the content of the call to a program or by calling the program as a CGI script.
I spoke about and demo’d this extension at ToorCon 21. You can find my slides here.
You can find the original repository for the extension here and my updated fork on my work GitHub.