The Spanner logo

    Burp Hackvertor v2.1.24 release

    Back to articles

    hackvertor

    Author:

    Gareth Heyes

    @hackvertor

    Published 14 days ago
    Published: Tue, 23 Sep 2025 16:59:48 GMT
    Updated: Tue, 23 Sep 2025 17:10:34 GMT
    Read time: ⏱️ 4 min read

    Hackvertor logo on a background of binary

    I finally found some time to work through Hackvertor issues - cut the backlog from 20 down to 6. There were a bunch of interesting bugs and several good feature requests; one in particular stands out:

    Tag Automator

    This idea came from Soroush Dalili (he called it "Hackvertor profiles"). I renamed it Hackvertor Tag Automator because that name describes the feature more precisely.

    Tag Automator lets you use Python to inspect a request or response, detect data, and automatically wrap matched parts in Hackvertor tags. In the analysis stage your Python code locates data and returns start/end positions (you can return multiple matches). Any matches are passed to the modification stage, where another Python snippet can decode the data and wrap it with the appropriate tags. It’s a simple way to automate repetitive conversions and speed up your workflow.

    How to use Tag Automator

    We’ll use JWT as an example. The example automation finds JWT tokens in a request, decodes them, and wraps decoded values with tags. Tag Automator supports two rule types: Context Menu and HTTP.

    We want this rule to run from the right-click menu, so we’ll create a Context Menu rule. Steps:

    1. Click the Hackvertor menu bar at the top.
    2. Click Tag Automator.
    3. Click the New rule button at the bottom.
    4. Choose jwt from the examples list.
    5. Click Create at the bottom.

    This creates a rule that operates on the request and appears in the context menu when you right-click. Try it with a request that contains a JWT token - here’s a sample token you can use:

    eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImlhdCI6MTUxNjIzOTAyMn0.7TNtfdcRCraA6JxwuKlByAryTktb653DD-Ve951DHSY

    To test in Repeater:

    1. Open Repeater and paste any request (for example, https://portswigger-labs.net) then replace the host/URL as needed.
    2. Add a new header named token and paste the JWT above as the header’s value.
    3. Right-click the request → Extensions → Hackvertor → Apply Tag Automation → jwt.

    If successful, the JWT will be decoded and the decoded parts will be wrapped with Hackvertor tags - a real time saver when you’re working with many tokens.

    Calling AI

    Tag Automator is built on Hackvertor’s custom tag system, and it’s possible to call Burp’s AI functionality directly from Python using the provided convert() function. Choose the AI example instead of jwt to see this in action. In the modification script an example looks like:

    temp = "1.0"
prompt = "Crack this hash"

decoded = convert("<@ai('" + temp + "','" + prompt + "','" + executionKey + "')>" + input + "</@ai>")
output = "<@md5>" + decoded + "</@md5>"

    Explanation

    • temp sets the temperature for the AI call.
    • prompt is the instruction sent to the AI.
    • convert() wraps a Hackvertor AI tag and sends input for processing; it requires the executionKey.
    • Special variables available inside the script:
      • input — provided automatically by Hackvertor; contains the matched input.
      • executionKey — the tag execution key used to protect tags that perform sensitive operations.
      • output — whatever you assign to this becomes the result Hackvertor inserts.

    You can call convert() from custom tags as well - combining automation and AI makes Hackvertor especially powerful.

    Find and replace

    I’ve added find-and-replace functionality for both the input and output in Hackvertor. To use it, open the main Hackvertor tab, click the Search tags combo box beneath the buttons, and select find & replace input or find & replace output.

    Context tag improvements

    When making an HTTP request in Repeater you can use context tags to access parts of the request (body, headers, etc.) from inside a tag. I added a context_request tag that returns the entire HTTP request (start-line, headers and body) so you can inspect or transform the full message from within Hackvertor.

    Other improvements and bug fixes

    There are been many more improvements and bug fixes I'll list a few

    • Fixed UTF-7 encoding and decoding
    • Increased custom param name length
    • Added a read_file tag resolves #86
    • Added timeout to system commands fixes #87

    I tried to resolve as many issues as I could and I hope you enjoy this release! You can grab it from the BApp store: Hackvertor v2.1.24

    Back to articles