Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Example of replacing and or adding a cookie via Burp Extender in Python?

toobz | Last updated: Jan 10, 2022 10:26PM UTC

Hey all, relatively new to Burp extensions. I've been trying to find an example of Burp Extender Python snippet that adds a custom Cookie either to every request or to the cookie jar. Does anyone have any Python code snippets they could provide to help get me started?

Hannah, PortSwigger Agent | Last updated: Jan 11, 2022 01:00PM UTC

Hi Is there a specific reason you need to use the extender API? This sounds like it may be handled by the session handling rule "Set a specific cookie or parameter value". You can find session handling rules by going to "Project options > Sessions".

toobz | Last updated: Jan 11, 2022 04:12PM UTC

Hi Hannah, thank you for taking the time to respond to my post. The reason I am wanting to use the extender API is due to the fact that the cookie is generated via Python code and needs to be different every request, otherwise yes I would use the session handling rules.

Hannah, PortSwigger Agent | Last updated: Jan 11, 2022 05:26PM UTC

Hi You can find an example extension in Python for adding custom session tokens using session handling rules here: https://github.com/PortSwigger/example-custom-session-tokens/blob/master/python/SessionTokens.py You can also find an extension for adding/replacing request headers here: https://github.com/UthmanPortSwigger/add-custom-headers The Java version of that extension has more functionality, but there is a basic Python version you may be able to use as a base and modify.

toobz | Last updated: Jan 11, 2022 09:10PM UTC

Hi Hannah, thank you for the links. These appear to be oriented more towards headers rather than Cookies. Do you have a simple example of updating a Cookie or the Cookie Jar every request?

toobz | Last updated: Jan 11, 2022 09:10PM UTC

Hi Hannah, thank you for the links. These appear to be oriented more towards headers rather than Cookies. Do you have a simple example of updating a Cookie or the Cookie Jar every request?

Uthman, PortSwigger Agent | Last updated: Jan 13, 2022 12:12PM UTC