Hi,
Thanks for your post.
As a workflow you could save your session rules as a configuration file and launch Burp via the CLI with the relevant command line arguments to include the project config file. A scan then initiated via the REST API would include your session rules.
Either save the project file with your preferred session handling rules or save the session handling rules as a configuration file:
- New Project > Project Options > Sessions > Session Handling Rules (either add default values or invoke a Burp extension like add custom headers or Reshaper)
- Options cog > Save options > Save session configuration
As a workflow:
- Launch Burp via the CLI
- Utilise command line arguments to ensure the session rules are applied:
--project-file
(Open the specified project file. This will be created as a new project if the file does not exist)
Alternatively you could do this on a per config file basis rather than an existing project file:
--config-file
(Load the specified project configuration file. This option may be repeated to load multiple files)
- Initiate scan via REST API
I hope that helps, any questions please do let me know.
Thanks