Burp Suite: Match And Replace

3 min readApr 6, 2021


Burp suite’s proxy options have an option called “Match and replace” available. This option has many rich uses that can help us automate our testing process. With some smart uses of this amazing option, we can automatically test for CSRF, IDOR, command injection,.. by just clicking around in the application! Let’s explore this magical tool and it’s many options.

Replacing authorization headers

Since authorize basically just matches the authorization headers and attempts to replace them…


No b*llshit Hacking tutorials with extreme value in short bursts