The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Don't allow Set-Cookie to add cookies to Requests

Philip | Last updated: Feb 26, 2018 04:03PM UTC

Hi, I have a scenario and only discovered when using Logger++. When using the Burp scanner, the response will give a 400 straight away because the HTTP request is too large (Multiple Cookies). The repeater works multiple times with 200 response but for some reason the Scanner gets hit with the 400 response and the HTTP requests has bunch of cookies. Can I force the Scanner to use just the original cookies and don't add any from the responses. Logger++ Request 1: Jsession=123 Response 1: Set Cookie=abc_hju78=123 Request 2: Jsession=123 abc_hju78=123 Response 2: Set Cookie=abc_gbter=123 Request 2: Jsession=123 abc_hju78=123 abc_gbter=123 Response 2: Set Cookie=abc_uuio=123 The HTTP requests get quickly loaded with cookies that cause the 400 response. Thanks.

PortSwigger Agent | Last updated: Feb 27, 2018 11:12AM UTC