The Burp Suite User Forum was discontinued on the 1st November 2024.

auto login

hong | Last updated: Mar 24, 2017 04:07PM UTC

Hi, Burp offers a macro to auto login. I was able to record a macro, and the macro will add new cookies in the cookie jar, and the subsequent requests use the new cookies. However, the subsequent requests need one additional string in the request header (not in a cookie), otherwise the requests will fail. This additional string (for CSRF attack) is in the response during the login process. Is it possible that Burp can also refresh this string, in addition to the cookies? Thanks

Burp User | Last updated: Mar 24, 2017 10:01PM UTC

Additional info: I am sending an expired request to the scanner. The macro will run and refresh the cookie jar, so the session becomes valid. The request also has this XXX-CSRF-Token, which is expired as well. The XXX-CSRF-Token is in the response header from the last step of the login macro; the format is as follows: ... ... XXX-CSRF-Token: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx ..... I added a custom parameter in the last step of the macro. The parameter name is XXX-CSRF-Token: and the value is xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. I hope the macro will also grab the XXX-CSRF-Token: and refresh this token. However, Burp did not, and the request failed. What should I do to make the request valid? Thank you,
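The refresh step the post above asks for, as an added example that is not part of the original thread and does not use Burp's own API: read the token from the headers of the final login response and rewrite the same header on the outgoing request, leaving cookies alone. The raw messages, host and token values are constructed; only the header name XXX-CSRF-Token comes from the post.

```python
TOKEN_HEADER = "XXX-CSRF-Token"  # header name as given in the thread

# Constructed sample messages (not captured traffic).
LOGIN_RESPONSE = ("HTTP/1.1 200 OK\r\nSet-Cookie: session=new\r\n"
                  "xxx-csrf-token: fresh-token-123\r\n\r\n{}")
STALE_REQUEST = ("POST /api/item HTTP/1.1\r\nHost: app.example\r\n"
                 "Cookie: session=new\r\nXXX-CSRF-Token: stale-token\r\n"
                 "Content-Length: 2\r\n\r\n{}")

def split_message(raw):
    """Split a raw HTTP message into (start_line, [(name, value)], body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip(), value.strip()))
    return lines[0], headers, body

def extract_token(login_response, name=TOKEN_HEADER):
    """Return the token header value from a response, or None if absent."""
    _, headers, _ = split_message(login_response)
    for h, v in headers:
        if h.lower() == name.lower():  # header names are case-insensitive
            return v
    return None

def refresh_request(request, login_response, name=TOKEN_HEADER):
    """Set the token header on `request` to the value the login returned."""
    token = extract_token(login_response, name)
    if token is None:
        # Fail loudly: replaying with the stale token would just be rejected.
        raise ValueError("login response carries no %s header" % name)
    start, headers, body = split_message(request)
    out, seen = [], False
    for h, v in headers:
        if h.lower() != name.lower():
            out.append((h, v))
        elif not seen:  # replace the first occurrence, drop duplicates
            out.append((h, token))
            seen = True
    if not seen:  # request had no token header yet: add one
        out.append((name, token))
    head = "\r\n".join([start] + ["%s: %s" % hv for hv in out])
    return head + "\r\n\r\n" + body

if __name__ == "__main__":
    print(refresh_request(STALE_REQUEST, LOGIN_RESPONSE))
```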

PortSwigger Agent | Last updated: Mar 28, 2017 11:00AM UTC