Burp Suite User Forum

Create new post

dynamic cookie handling in burp intruder

Ariesto | Last updated: Oct 13, 2015 04:11AM UTC

How do i use the intruder if the webapp provide new cookie each time a new GET is made? Would it be possible for burp-intruder to pick the new cookie from the response and put it back as the next Request Sequence? Thanks. -A

PortSwigger Agent | Last updated: Oct 13, 2015 07:32AM UTC

Burp lets you define session handling rules to deal with most situations you run into with session handling. In this case, usually the most robust solution is to find a request or series of requests that can obtain a new token, and to execute that prior to each "attack" request. Details are here: https://portswigger.net/burp/help/options_sessions.html

Burp User | Last updated: Oct 14, 2015 11:30AM UTC

Thanks Dafydd. Will take a look at this.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.