Burp Suite User Forum

Login to post

Copy a Cookie Value as a Request Header or Parameter

Louis | Last updated: Jan 14, 2022 02:26AM UTC

There doesn't seem to be a native way to do copy a value either stored in the cookie jar or during the http request in the cookie header to a request parameter or request header. I've seen quite a few web applications utilize CSFR tokens this way, and I still can't believe this isn't a native function. Please don't tell me to write an extension, this is such a common issue, that is not an efficient nor helpful answer. Ever Charles proxy has a similar functionality, doesn't completely meet my needs. Example below Request GET / HTTP/1.1 Host: pentestsite.com Cookie: XSRFTOKEN=random Needs to become GET / HTTP/1.1 Host: pentestsite.com Cookie: XSRFTOKEN=random XSRF: random OR POST / HTTP/1.1 Host: pentestsite.com Cookie: XSRFTOKEN=random xsrf=random

Uthman, PortSwigger Agent | Last updated: Jan 17, 2022 11:07AM UTC

You need to Log in to post a reply. Or register here, for free.