Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Burp does not process cookies when initializing Intruder

Timothy | Last updated: Sep 02, 2015 11:20PM UTC

I am using a site which has multiple redirects after submitting a form. After the initial POST request, Burp does not use cookies on subsequent requests. Behavior from the browser: POST request sent with cookies => 302 Redirect GET request from 302 with cookies => Another 302 GET request from second 302 with cookies => Return to page with information reflected in page Behavior using Burp Intruder (request 0): POST request sent with cookies => 302 Redirect GET request from 302, all cookies omitted => 302 Redirect GET request from 302, all cookies omitted => 302 Redirect to login page These are the custom settings I have set in Burp. I have no extensions active: Intruder => Options Request Engine: Number of threads: 1 Redirections: Follow redirections: Always Process cookies in redirections: checked Options Session Handling Rules Use cookies from Burp's cookie jar: Enabled, All tools, Include all URLs Cookie Jar All tools checked

PortSwigger Agent | Last updated: Sep 03, 2015 07:48AM UTC

Thanks for this report. Are the redirection targets all on the same domain?

PortSwigger Agent | Last updated: Feb 19, 2016 09:44AM UTC

Hi Rohit, You can do this by adjusting the scope of the default Session Handling Rule. Go into Project Options > Sessions > "Use cookies from Burp's cookie jar" > Edit > Scope Then ensure that Intruder is checked. The Logger++ extension is useful for investigating issues like this.

Burp User | Last updated: Jun 09, 2017 09:10AM UTC