Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

How to write macro for JSF login page

Enes | Last updated: May 23, 2017 07:26AM UTC

I have a problem with writting macro for JSF login page. I have done every possible things (remove cookies, javax.faces.ViewState etc.) but I havent figured it out. Any ideas for this problem? Thank you in advanced.

PortSwigger Agent | Last updated: May 23, 2017 07:41AM UTC

Have you started with the basic process of performing a login using a clean browser session (e.g. in incognito mode), and capturing the requests in Burp Proxy? Create a macro based on these requests and try running it in test mode to see if it obtains a valid session. If not, then closely compare the series of requests/responses that are made when testing the macro against those in your original Proxy history. This should let you locate where the two sequences diverge, and identify the cause of the problem.

Burp User | Last updated: May 23, 2017 08:28AM UTC

Hello Dafydd, Thank you for your response. I followed steps on the link below. https://support.portswigger.net/customer/en/portal/articles/2363088-configuring-burp-s-session-handling-rules When I have re-tested , my user never login the application. I think that any chance of static parameters to dynamic parameters? Because every render of pages create re-generate inputs.

Burp User | Last updated: May 23, 2017 01:50PM UTC