Burp Suite User Forum

Login to post

Burp scanner using old cookie in requests

Jull | Last updated: May 06, 2022 01:02PM UTC

Hello, I noticed a weird thing when using burp scanner, let's say I manually crawl an application, I get on a website and starts moving around and my cookie is "sessionid=AAA", then I log out and login again, my cookie now is "sessionid=BBB", I go on "Site map" tab and launch a scan (cookie used in the requests is the old "AAA"). I have cookie jar updated with the new cookie "BBB" but what I see is that some requests are done with the old cookie "AAA" (the one I started crawling the first time), while others are done with "BBB", shouldn't all requests use the cookie from cookie jar? Thank you

Michelle, PortSwigger Agent | Last updated: May 09, 2022 08:57AM UTC

Thanks for your message. Can you email support@portswigger.net with a few screenshots to show us a bit more detail of what you are seeing, please? Which type of scan are you launching from the Site Map?

You need to Log in to post a reply. Or register here, for free.