Burp Suite User Forum

Create new post

Burp Audit Not able to check if the session is invalid

Supreet | Last updated: Jul 09, 2024 03:09PM UTC

I understand that Burp automatically checks if the session is invalid and restarts the login process accordingly. However, is there a way a user can change what would be considered "invalid session". The application I am trying to scan always gives 200 response. But in the response body, gives 401 response and a Fixed Message of Session Expired. Can I tweak Burp to read the response body to figure out if the session is valid or not?

Syed, PortSwigger Agent | Last updated: Jul 10, 2024 11:55AM UTC

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.