The Repeater page in the Settings dialog contains settings for the following:
You can override the settings selected in the Settings dialog for an individual Repeater tab. For more information, see Configuring tab-specific settings.
Otherwise, these global settings apply to all Repeater tabs.
These settings control whether Repeater reuses TCP connections, and whether it can send HTTP/2 requests when the server doesn't advertise HTTP/2 support.
The following settings are available:
The Connections settings are project settings. They apply to the current project only.
These settings control Repeater's behavior when sending or receiving messages. The following settings are available:
(\r) to any lines that end with a newline character (\n). The carriage return appends immediately before the newline, which reduces the risk of sending an invalid request. You can disable this setting when you intentionally omit the newline to test for vulnerabilities such as request smuggling.
Connection header from HTTP/2 requests before the requests are sent. Many HTTP/2 servers reject requests that contain this header. You can disable this setting to see how the server responds when it receives a HTTP/2 request with a Connection header.
The Message modification settings are project settings. They apply to the current project only.
These settings control how Repeater handles redirection responses.
You can control whether Repeater follows redirects automatically. The following options are available:
Repeater displays a Follow redirection button if it receives a redirect response that it is not configured to follow automatically. Click this button to follow the redirect. This enables you to manually step through a redirection sequence.
If you enable this setting, Burp resubmits any cookies set in the redirect response when it follows the redirection target.
This setting controls whether Repeater uses the protocol selected under the Request Attributes field in Burp Inspector to follow any cross-domain redirects. By default, this setting is disabled and Repeater negotiates protocol as normal.
You may wish to enable this setting when you test for HTTP/2-specific vulnerabilities that trigger cross-domain requests.
The Redirects settings are project settings. They apply to the current project only.
Streaming responses remain open and deliver data continuously. When Burp Repeater handles a streaming response, it updates the response panel in real time as data is received.
This setting controls how long Repeater keeps a streaming connection open. By default, it's set to 600 seconds (10 minutes).
To turn off the timeout, set it to 0.
The Streaming responses setting is a project setting. It applies to the current project only.
You can configure how Burp detects and handles streaming responses in the Settings dialog under Network > HTTP > Streaming responses. For more information, see Streaming responses.
This setting enables you to specify the tab group that new requests are added to when you send them to Repeater.
Use the drop-down menu to specify the tab group that you want to add new requests to.
Before you use this setting, create a tab group in Repeater. For more information, see Managing tab groups.
This setting doesn't influence new request tabs that you create within Repeater. These aren't allocated to a group when they're created.
The Default tab group setting is a project setting. It applies to the current project only.
This setting controls the default tab view in Repeater. The following options are available:
The Tab view setting is a user setting. It applies to all installations of Burp on your machine.