Burp Suite User Forum

Create new post

How to write macro for JSF login page

Enes | Last updated: May 23, 2017 07:26AM UTC

I have a problem with writting macro for JSF login page. I have done every possible things (remove cookies, javax.faces.ViewState etc.) but I havent figured it out. Any ideas for this problem? Thank you in advanced.

PortSwigger Agent | Last updated: May 23, 2017 07:41AM UTC

Have you started with the basic process of performing a login using a clean browser session (e.g. in incognito mode), and capturing the requests in Burp Proxy? Create a macro based on these requests and try running it in test mode to see if it obtains a valid session. If not, then closely compare the series of requests/responses that are made when testing the macro against those in your original Proxy history. This should let you locate where the two sequences diverge, and identify the cause of the problem.

Burp User | Last updated: May 23, 2017 08:28AM UTC

Hello Dafydd, Thank you for your response. I followed steps on the link below. https://support.portswigger.net/customer/en/portal/articles/2363088-configuring-burp-s-session-handling-rules When I have re-tested , my user never login the application. I think that any chance of static parameters to dynamic parameters? Because every render of pages create re-generate inputs.

Burp User | Last updated: May 23, 2017 01:50PM UTC

Hello Dafydd, At the end I figured out my problem. I added multi pages to macro recorder. And I saw that get parameters previous page's parameters. Have a good day.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.