The Burp Suite User Forum was discontinued on the 1st November 2024.


How can I bypass this race limit protection?

Zemarkhos | Last updated: Aug 26, 2021 10:39PM UTC

Hello, I have a website, and this website is using a race limiting protection mechanism like this: when you do a request you use session_id, and this session_id is regenerated on every single request, but you can get the next session_id in the response. So I need a script for Intruder or active scan to get the next session_id from the response and use it as the session_id for the next request.

Zemarkhos | Last updated: Aug 26, 2021 10:41PM UTC

By the way, I can do this manually with the Stepper extension like this: https://www.youtube.com/watch?v=Jbd3c9Ws4Vw but I need to do this for active scan or Intruder.

Uthman, PortSwigger Agent | Last updated: Aug 27, 2021 09:42AM UTC

Hi Zemarkhos,

You could try creating a session handling rule under Project options > Sessions and selecting Scanner as the scope.

Alternatively, you could check out the extensions below:

- Authentication Token Obtain and Replace (https://portswigger.net/bappstore/51327b097b354243b307b4ed87ba39eb)
- Reshaper (https://portswigger.net/bappstore/7bcec7656b5746e9a85c427f243e6d5a)
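The token hand-off that such a session handling rule has to perform, as an added example that is not part of the original thread and is not Burp's own code. It runs against a constructed in-memory stand-in for the site; `RotatingTokenApp`, `TokenChain`, the `session_id=<32 hex>` format and the request template are assumptions made up for illustration.

```python
import re
import secrets

# Assumption: the next token appears as "session_id=<32 hex>"; adjust the
# pattern to the real location (Set-Cookie header, JSON field, hidden input).
TOKEN_RE = re.compile(r"session_id=([0-9a-f]{32})")


class RotatingTokenApp:
    """Constructed stand-in for the site: every token is accepted exactly once."""

    def __init__(self):
        self.valid = secrets.token_hex(16)

    def handle(self, request):
        m = TOKEN_RE.search(request)
        if m is None or not secrets.compare_digest(m.group(1), self.valid):
            return "HTTP/1.1 403 Forbidden\r\n\r\nstale or missing session_id"
        self.valid = secrets.token_hex(16)  # rotate on every accepted request
        return "HTTP/1.1 200 OK\r\nSet-Cookie: session_id=%s\r\n\r\nok" % self.valid


class TokenChain:
    """Carries the token from each response into the next request."""

    def __init__(self, first_token):
        self.token = first_token

    def prepare(self, request):
        # Overwrite whatever session_id the queued request was built with.
        return TOKEN_RE.sub("session_id=" + self.token, request, count=1)

    def observe(self, response):
        m = TOKEN_RE.search(response)
        if m:  # a rejected request carries no new token; keep the old one
            self.token = m.group(1)
        return m is not None


def run(app, values):
    chain = TokenChain(app.valid)  # seeded from a first response
    template = "GET /search?q=%s HTTP/1.1\r\nCookie: session_id=" + "0" * 32 + "\r\n\r\n"
    statuses = []
    for v in values:  # strictly one request in flight at a time
        resp = app.handle(chain.prepare(template % v))
        chain.observe(resp)
        statuses.append(resp.split(" ", 2)[1])
    return statuses
```

Sending the same prepared request twice gets a 403 on the second attempt, which is why requests that depend on a rotating token have to be issued one at a time rather than in parallel.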

Zemarkhos | Last updated: Aug 27, 2021 07:32PM UTC

How can I use these extensions? I have not seen these extensions before. Do you have a tutorial? Thank you.

Uthman, PortSwigger Agent | Last updated: Aug 31, 2021 08:10AM UTC