The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum


Discover Content Feature - Cookies

Jared | Last updated: Aug 21, 2021 06:43PM UTC

Hello,

Can you provide some details on how Burp generates the cookies that it uses for HTTP requests during a Discover Content session? I am clearing the Cookie Jar before starting the session, but somehow Burp is able to authenticate itself as multiple different users by sending HTTP requests with valid session/authentication cookies. Does Burp pull these cookies from somewhere else?

Thank you!

Uthman, PortSwigger Agent | Last updated: Aug 23, 2021 09:42AM UTC

Hi Jared,

The 'Discover content' feature will use the cookies in the original request that it is invoked on. Have you previously logged in as other users? Can you check this under the Proxy > HTTP history (or Target > Site map)? Do you have any extensions enabled?

Jared | Last updated: Aug 24, 2021 03:27PM UTC

Hi Uthman,

Thank you for your assistance. I think I have found the cause. You were correct, Burp cached the HTTP responses including the rendered HTML view for previous logged-in sessions. I confirmed that these responses are old from the timestamp in their headers.

Thank you!

Uthman, PortSwigger Agent | Last updated: Aug 24, 2021 04:23PM UTC