Burp Suite User Forum

Discover Content Feature - Cookies

Jared | Last updated: Aug 21, 2021 06:43PM UTC

Hello,

Can you provide some details on how Burp generates the cookies that it uses for HTTP requests during a Discover Content session? I am clearing the Cookie Jar before starting the session, but somehow Burp is able to authenticate itself as multiple different users by sending HTTP requests with valid session/authentication cookies. Does Burp pull these cookies from somewhere else?

Thank you!

Uthman, PortSwigger Agent | Last updated: Aug 23, 2021 09:42AM UTC

Hi Jared,

The 'Discover content' feature will use the cookies in the original request that it is invoked on. Have you previously logged in as other users? Can you check this under the Proxy > HTTP history (or Target > Site map)? Do you have any extensions enabled?

Jared | Last updated: Aug 24, 2021 03:27PM UTC

Hi Uthman,

Thank you for your assistance. I think I have found the cause. You were correct: Burp cached the HTTP responses, including the rendered HTML view, for previous logged-in sessions. I confirmed that these responses are old from the timestamp in their headers.

Thank you!

Uthman, PortSwigger Agent | Last updated: Aug 24, 2021 04:23PM UTC

Hi Jared,

No problem at all! Feel free to reach out again if you have any further questions.