Burp Suite User Forum

Login to post

Example of replacing and or adding a cookie via Burp Extender in Python?

toobz | Last updated: Jan 10, 2022 10:26PM UTC

Hey all, relatively new to Burp extensions. I've been trying to find an example of Burp Extender Python snippet that adds a custom Cookie either to every request or to the cookie jar. Does anyone have any Python code snippets they could provide to help get me started?

Hannah, PortSwigger Agent | Last updated: Jan 11, 2022 01:00PM UTC

Hi Is there a specific reason you need to use the extender API? This sounds like it may be handled by the session handling rule "Set a specific cookie or parameter value". You can find session handling rules by going to "Project options > Sessions".

toobz | Last updated: Jan 11, 2022 04:12PM UTC

Hi Hannah, thank you for taking the time to respond to my post. The reason I am wanting to use the extender API is due to the fact that the cookie is generated via Python code and needs to be different every request, otherwise yes I would use the session handling rules.

Hannah, PortSwigger Agent | Last updated: Jan 11, 2022 05:26PM UTC

Hi You can find an example extension in Python for adding custom session tokens using session handling rules here: https://github.com/PortSwigger/example-custom-session-tokens/blob/master/python/SessionTokens.py You can also find an extension for adding/replacing request headers here: https://github.com/UthmanPortSwigger/add-custom-headers The Java version of that extension has more functionality, but there is a basic Python version you may be able to use as a base and modify.

toobz | Last updated: Jan 11, 2022 09:10PM UTC

Hi Hannah, thank you for the links. These appear to be oriented more towards headers rather than Cookies. Do you have a simple example of updating a Cookie or the Cookie Jar every request?

toobz | Last updated: Jan 11, 2022 09:10PM UTC

Hi Hannah, thank you for the links. These appear to be oriented more towards headers rather than Cookies. Do you have a simple example of updating a Cookie or the Cookie Jar every request?

Uthman, PortSwigger Agent | Last updated: Jan 13, 2022 12:12PM UTC

You need to Log in to post a reply. Or register here, for free.