Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Burp Macro Session Handling

Initroot | Last updated: Feb 13, 2020 07:13AM UTC

I'm trying to generate a HMAC token on each request. I have an API that needs to launch first with custom HMAC headers to generate token. After that I have another API calls that needs that generated tokens. What I've done is create the following: - HMAC extension with session handling rule. This automatically replaces all API calls that request the token with a newly generated HMAC header for authorization. Works perfect in repeater etc. Now to inject that value is where I have issues. I have created another session handler that looks for requests that isn't the initial init API call to get the auth header. I have created an extension that on these requests replaces the bearer with the response obtained from a macro. The macro launches the API init call, which I would have invoked my first session rule. However it seems that macro requests isn't included in session handling rules? Did I misconfigure or is this not possible?

Liam, PortSwigger Agent | Last updated: Feb 14, 2020 01:55PM UTC

We've currently looking in to your requirements. We'll update this thread when we have something to share.

Liam, PortSwigger Agent | Last updated: Feb 17, 2020 09:31AM UTC