Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

Cookies not updated for proxy anymore

Lukasz | Last updated: Mar 15, 2018 02:02PM UTC

Hello, Session handling rules/Rule Actions: Use cookies from the session handling cookie jar with Proxy set as the scope does not work anymore. It used to work in previous versions. It was one of most important feature and was used with tools w/o support for complicated session handling.

Liam, PortSwigger Agent | Last updated: Mar 15, 2018 02:24PM UTC

We haven't made any changes to this area of Burp Suite. Are you testing the same application as you were previously? Have you made any changes to the application?

Burp User | Last updated: Mar 15, 2018 04:06PM UTC

No changes except of couple extensions installed. It affects also my team mate burp installation on different workstation. I'm testing different application now but for simplicity sake I did couple of simple curl requests and had one custom cookie in cookie jar. Let me know on email if you will need more accurate info or repro steps with screenshoots.

PortSwigger Agent | Last updated: Mar 16, 2018 11:27AM UTC

Hi Lukasz, Thanks for following up. I tried this just now and cookies were added to a curl request. Please check your cookie jar does have the cookie. And check that "Use cookies from Burp's cookie jar" has the scope set to include Proxy. Also, be aware that the request shown in HTTP history is the incoming request. Cookies are added after this. You can use the Flow extension to view requests as they go upstream. If you're still having difficulty, some reproduction steps and screenshots would be most appreciated.

Burp User | Last updated: Mar 19, 2018 10:22AM UTC

Seems that application was updating session token often and set it to empty if received outdated cookie. I was expecting to see added cookie in proxy history this lead me to wrong idea that it is not working. Thank you and sorry for rising a false alarm.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.