Burp Suite User Forum

either live passive crawl or live audit keep session active

Todd | Last updated: Jul 30, 2020 03:24PM UTC

During a recent web app test I found a bug in the web app where I could replay the request after logging out. However, after further testing and working with the developers, who could watch the backend session IDs, we found that when logging out of the web app the session is not terminated properly if the Live passive crawl and/or the Live audit are enabled on the Dashboard under Tasks. If I disable both these options, grab a new session ID by logging on, and then log out, the session ID is immediately marked as invalid. Anyone run into this situation before? I'm running Burp Suite Pro v2020.7.

Uthman, PortSwigger Agent | Last updated: Aug 03, 2020 09:14AM UTC

Can you provide more information and screenshots to support@portswigger.net, please?
