Burp Suite User Forum

Burp Sequencer Help

C, | Last updated: Sep 03, 2018 10:06AM UTC

Getting a valid session id in my application actually requires 2 requests. The first one will get a temporary session id from the server, and the second request will have the fetched session id along with credentials. If the same temp session id is submitted more than once, the server rejects it. Please let me know how to analyse the session id (second request) strength in this case.

PortSwigger Agent | Last updated: Sep 03, 2018 11:06AM UTC

This can be done using macros and session handling rules. If you're not familiar with these, there is a general introduction here: https://support.portswigger.net/customer/en/portal/articles/2363088-configuring-burp-s-session-handling-rules

In your case you need to create a macro that makes the first request. You then need to create a session handling rule that is scoped to the second request with the action "Run a macro". If you then send the second request to Sequencer, each time it fetches a token it will run the macro first.
