PortSwigger · lopci · Apr 25, 2023
diff --git a/BappDescription.html b/BappDescription.html
@@ -6,10 +6,10 @@
 	<li>In the session handling options, create a rule which invokes the 
 	Randomizer action that is registered by the extension, and select a suitable 
 	scope for the rule.</li>
-	<li>Place the string #RANDOM# or #RANDOMNUM# into the relevant request at the location 
-	where a random value or number is required.</li>
+	<li>Place the string #RANDOM#, #RANDOMNUM# or deadbeef-1337-1337-1337-deadbeeeeeef into the relevant request at the location 
+	where a random value, random number or UUIDv4 string is required.</li>
 	<li>Let Burp operate on the request in the normal way (via Scanner, 
 	Intruder, etc.).</li>
-	<li>The extension will replace the string placeholder with a random value in 
-	each request.</li>
+	<li>The extension will replace the string placeholder with a random value or
+	an UUIDv4 string in each request.</li>
 </ul>
diff --git a/Burp-Randomizer.py b/Burp-Randomizer.py
@@ -18,13 +18,15 @@
 import re
 import string
 import random
+import uuid
 
 ### Configuration ###
 # Character set of generated tokens
 tokenCharset = string.ascii_letters + string.digits
 # String which is replaced with random token
 placeholder = "#RANDOM#"
 placeholderNum = "#RANDOMNUM#"
+placeholderUUID = "deadbeef-1337-1337-1337-deadbeeeeeef"
 # Length of generated token. WARNING: length of token must equal length of placeholder due to a bug in Burp 1.5.21 which cuts off requests under certain conditions.
 tokenLength = len(placeholder)
 tokenLengthNum = len(placeholderNum)
@@ -38,6 +40,7 @@ def registerExtenderCallbacks(self, callbacks):
         callbacks.setExtensionName("Randomizer")
         self.callbacks.registerSessionHandlingAction(self)
         self.out = callbacks.getStdout()
+        self.placeholderUUID = re.compile(placeholderUUID)
         self.placeholder = re.compile(placeholder)
         self.placeholderNum = re.compile(placeholderNum)
         random.seed()
@@ -51,5 +54,6 @@ def performAction(self, currentRequest, macroItems):
         randomToken = "".join([random.choice(tokenCharset) for i in range(tokenLength)])
         randomTokenNum = str(random.randint(10 ** (tokenLengthNum - 1), 10 ** (tokenLengthNum) - 1))
         request = self.placeholder.sub(randomToken, request)
+        request = self.placeholderUUID.sub(str(uuid.uuid4()), request)
         result = self.helpers.stringToBytes(self.placeholderNum.sub(randomTokenNum, request))
         currentRequest.setRequest(result)
diff --git a/README.md b/README.md
@@ -15,7 +15,8 @@ handling rule.
 Send the request to the Repeater/Intruder and put #RANDOM# where
 randomization is required. Then send this request to the Scanner,
 Intruder or some different tool. The extension now replaces each
-occurence of #RANDOM# with a random token and #RANDOMNUM# with random number.
+occurence of #RANDOM# with a random token, #RANDOMNUM# with a random number
+and deadbeef-1337-1337-1337-deadbeeeeeef with an UUIDv4 string.
 
 ## Configuration