Burp community forum

Burp does not process cookies when initializing Intruder

Timothy | Last updated: Sep 02, 2015 11:20PM UTC

I am using a site which has multiple redirects after submitting a form. After the initial POST request, Burp does not use cookies on subsequent requests. Behavior from the browser: POST request sent with cookies => 302 Redirect GET request from 302 with cookies => Another 302 GET request from second 302 with cookies => Return to page with information reflected in page Behavior using Burp Intruder (request 0): POST request sent with cookies => 302 Redirect GET request from 302, all cookies omitted => 302 Redirect GET request from 302, all cookies omitted => 302 Redirect to login page These are the custom settings I have set in Burp. I have no extensions active: Intruder => Options Request Engine: Number of threads: 1 Redirections: Follow redirections: Always Process cookies in redirections: checked Options Session Handling Rules Use cookies from Burp's cookie jar: Enabled, All tools, Include all URLs Cookie Jar All tools checked

PortSwigger Agent | Last updated: Sep 03, 2015 07:48AM UTC

Thanks for this report. Are the redirection targets all on the same domain?

PortSwigger Agent | Last updated: Feb 19, 2016 09:44AM UTC

Hi Rohit, You can do this by adjusting the scope of the default Session Handling Rule. Go into Project Options > Sessions > "Use cookies from Burp's cookie jar" > Edit > Scope Then ensure that Intruder is checked. The Logger++ extension is useful for investigating issues like this.

Burp User | Last updated: Jun 09, 2017 09:10AM UTC

Hi , I am having the same issue as described above. Yes the redirection target , in my case is on the same domain. For me below is the process , where as all works fine in the Browser. Behavior using Burp Intruder (request 0): POST request sent with cookies => 302 Redirect GET request from 302, all cookies omitted => 301 Redirect GET request from 301, all cookies omitted => 301 Redirect to login page Took me 2 days to figure it what was wrong , kindly help in fixing this bug.

You need to Log in to post a reply. Or register here, for free.