Burp community forum

Generate cookie/session per request - Intruder

Bryan | Last updated: Mar 02, 2017 03:15PM UTC

Hi, guys. I'd like to know how to configure intruder to generate a new cookie and session per request. I'm facing a problem when I try to make a request because my target session expires very quickly and I can't make multiple requests on the same session using the same cookie. Thanks in advance.

Liam, PortSwigger Agent | Last updated: Mar 03, 2017 11:17AM UTC

Hi Bryan Thanks for your message. Have you tired using Burp's session handling rules? - https://support.portswigger.net/customer/en/portal/articles/2363088-configuring-burp-s-session-handling-rules The simplest way would be to create a macro that establishes a fresh session, make a session rule to run that macro before each relevant Intruder requests, and use a single attack thread. Alternatively, a more complex approach would be to make a rule to test for session validity and recover if needed. Please let us know if you need any further assistance.

You need to Log in to post a reply. Or register here, for free.