Introduction
Burp Suite is an essential toolkit for web application security testing. One of its most powerful features is the Repeater tool, which allows you to manually edit and resend individual HTTP requests, and analyze the application's response. This is invaluable for testing for vulnerabilities, confirming findings, and understanding application logic.
In this lab, you will learn the basic but crucial workflow of sending a request from Burp's Proxy history to the Repeater tool. This is the first step in performing any manual request manipulation.
Browse to a Target Application
In this step, you will start Burp Suite and browse to a simple web application. This action will generate HTTP traffic that Burp's Proxy can intercept and log.
First, let's launch Burp Suite. You can find it in the application menu or by searching for it. Once it's open, select the temporary project option and click "Next", then "Start Burp".
Next, open the web browser provided in the lab environment. The browser is already configured to send its traffic through the Burp Suite proxy.
Navigate to the target application by entering the following URL into the browser's address bar:
http://127.0.0.1:8000
You should see a simple welcome page. This interaction has now been logged by Burp Suite.
Find a Request in the Proxy > HTTP History Tab
In this step, you will find the request you just made in Burp Suite's Proxy history. Every request that passes through the proxy is recorded here, providing a complete log of your browsing activity.
Switch your focus from the browser to the Burp Suite window.
- Click on the Proxy tab at the top.
- Within the Proxy tab, click on the HTTP history sub-tab.
You will see a table listing all the HTTP requests your browser has made. Look for the request to your target application. It will have 127.0.0.1 in the Host column and / in the URL column.
#   Host        Method  URL  Params  Edited  Status  ...
----------------------------------------------------------
1   127.0.0.1   GET     /    No      No      200     ...
2   ...         ...     ...  ...     ...     ...     ...
Click on this request in the table to select it. You will see the full request and response details in the panels below the table.
Right-Click the Request
In this step, you will open the context menu for the selected request. This menu is the primary way to interact with requests and send them to other Burp Suite tools for further analysis.
With the GET / request to 127.0.0.1 still selected in the HTTP history table, right-click anywhere on that line.
A large context menu will appear. This menu contains a wide variety of actions you can perform on the request, such as:
- Send to Repeater
- Send to Intruder
- Send to Sequencer
- Do an active scan
- Save item
For this lab, we are interested in the Send to Repeater option.
Select 'Send to Repeater' from the Context Menu
In this step, you will execute the action to send the captured request to the Burp Repeater tool.
With the context menu still open, move your mouse cursor over the Send to Repeater option and click it.
Alternatively, you can use the keyboard shortcut. With the request selected, simply press Ctrl+R.
This action does not move the request; it copies it. The original request will remain in your Proxy history log. A copy is now queued up in the Repeater tool, ready for you to work with. You may notice the Repeater tab at the top of the Burp Suite window has changed color (e.g., to orange) to indicate it has received a new item.
Verify the Request Appears in a New Repeater Tab
In this step, you will navigate to the Repeater tool and confirm that the request has arrived successfully.
Click on the main Repeater tab at the top of the Burp Suite window.
You will see the Repeater interface, which is split into two main panels:
- Request Panel (Left): This panel contains the raw HTTP request that you just sent. You can see the GET / HTTP/1.1 line, the Host: 127.0.0.1:8000 header, and other request headers. This entire panel is editable.
- Response Panel (Right): This panel is initially empty. It will display the server's response after you send the request.
Confirm that the request details in the left panel match the request you selected from the Proxy history. To complete the cycle, click the Send button located at the top of the request panel. The server's response will then appear in the right-hand panel.
You have now successfully moved a request from the Proxy to the Repeater, ready for manual testing.
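The edit-and-resend cycle that the request and response panels provide can be reproduced outside Burp to see what is happening on the wire. The following is an added example, not part of the original lab and not Burp Suite code: it sends raw request bytes over a socket, resends an edited copy, and parses both responses. The local HTTPServer stand-in for the lab's welcome page, the ephemeral port, and the names edit_header, send_raw and demo are assumptions made for the illustration.

```python
import socket
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

class WelcomeHandler(BaseHTTPRequestHandler):  # constructed stand-in for the lab target
    def do_GET(self):
        body = b"<h1>Welcome</h1>"
        self.send_response(200)
        self.send_header("Content-Type", "text/html")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args): pass  # keep the demo output quiet

def edit_header(raw, name, value):
    """Return a copy of the raw request with one header replaced or added."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    prefix = name.lower().encode() + b":"
    kept = [lines[0]] + [l for l in lines[1:] if not l.lower().startswith(prefix)]
    kept.append(f"{name}: {value}".encode())
    return b"\r\n".join(kept) + b"\r\n\r\n" + body

def send_raw(host, port, raw):
    """Send the bytes exactly as given; return (status, headers, body)."""
    with socket.create_connection((host, port), timeout=5) as s:
        s.sendall(raw)
        data = b""
        while chunk := s.recv(4096):  # server closes the connection when done
            data += chunk
    head, _, body = data.partition(b"\r\n\r\n")
    status_line, *header_lines = head.decode("iso-8859-1").split("\r\n")
    headers = dict(h.split(": ", 1) for h in header_lines)
    return int(status_line.split()[1]), headers, body

def demo():
    with HTTPServer(("127.0.0.1", 0), WelcomeHandler) as server:  # ephemeral port
        threading.Thread(target=server.serve_forever, daemon=True).start()
        port = server.server_address[1]
        captured = (f"GET / HTTP/1.1\r\nHost: 127.0.0.1:{port}\r\n"
                    "Connection: close\r\n\r\n").encode()
        edited = edit_header(captured, "User-Agent", "repeater-demo")  # a copy
        results = send_raw("127.0.0.1", port, captured), send_raw("127.0.0.1", port, edited), edited
        server.shutdown()
        return results

if __name__ == "__main__":
    print(demo())
```

As with Send to Repeater, the captured request is left untouched and only the copy is modified before it is resent.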
Summary
In this lab, you have learned a fundamental skill for using Burp Suite effectively. You successfully captured an HTTP request using the Proxy, located it in the HTTP history, and sent it to the Repeater tool for manual analysis.
This workflow—Proxy to Repeater—is the foundation for countless web security tests, allowing you to manipulate requests on the fly to probe for vulnerabilities like SQL injection, Cross-Site Scripting (XSS), and insecure direct object references. Congratulations on completing this essential step in mastering Burp Suite.
