Burp Suite User Forum

Login to post

Need to generate auth token after 1 hour, How we can achieve it?

Manish | Last updated: Jan 05, 2022 12:14PM UTC

Need to generate auth token after 1 hour, How we can achieve it? Scenarios: We get token from google api and token is valid for 1 hour. Need to capture token and pass to other requests after 1 hour Please help

Liam, PortSwigger Agent | Last updated: Jan 05, 2022 12:34PM UTC

Thanks for your message. Is this required so that you can effectively use Burp Scanner?

Manish | Last updated: Jan 06, 2022 07:51AM UTC

Thanks for replay How we can use the Burp Scanner. If there is any reference link for same. Please provide.

Liam, PortSwigger Agent | Last updated: Jan 06, 2022 11:24AM UTC

Have you checked out this support page - https://portswigger.net/burp/documentation/desktop/scanning Burp should handle the auth token for you during a scan. If you find this is not this case, please let us know.

Manish | Last updated: Jan 06, 2022 12:03PM UTC

Hi Thanks for reply. Scenarios: 1. During login we get token from Google API and Token is valid for 1 hour 2. We captured token from Google api and created macros for same Issues that we faced: When we start the scanning of the application, after running some time, we get error "Google API cross the limit of login". Query is: How we can handle this situation in burp suite?

Liam, PortSwigger Agent | Last updated: Jan 06, 2022 12:54PM UTC

Burp should reauthenticate for each audit item. Are you using the recorded login feature? - https://portswigger.net/burp/documentation/desktop/scanning/recorded-logins

Manish | Last updated: Jan 06, 2022 01:17PM UTC

>> Are you using the recorded login feature? No, we are not using recorded login feature What we do 1. Record the test scripts 2. Created a Macros to handle auth token 3. Created a rule by using Add Custom header 4. Project option - Session tab - Session handling rule - Add new rule - Scope - Using 'Use suite scope' option 5. After setting all above option, try to scan application, get error 'Google API cross the limit of login'

Manish | Last updated: Jan 06, 2022 01:17PM UTC

>> Are you using the recorded login feature? No, we are not using recorded login feature What we do 1. Record the test scripts 2. Created a Macros to handle auth token 3. Created a rule by using Add Custom header 4. Project option - Session tab - Session handling rule - Add new rule - Scope - Using 'Use suite scope' option 5. After setting all above option, try to scan application, get error 'Google API cross the limit of login'

Manish | Last updated: Jan 06, 2022 01:17PM UTC

>> Are you using the recorded login feature? No, we are not using recorded login feature What we do 1. Record the test scripts 2. Created a Macros to handle auth token 3. Created a rule by using Add Custom header 4. Project option - Session tab - Session handling rule - Add new rule - Scope - Using 'Use suite scope' option 5. After setting all above option, try to scan application, get error 'Google API cross the limit of login'

Liam, PortSwigger Agent | Last updated: Jan 06, 2022 01:26PM UTC

Would it be possible to try using the recorded login to handle your login page, then run the scan again? Is the application publicly accessible? If so, could we perform some testing?

Manish | Last updated: Jan 06, 2022 02:24PM UTC

Let me try with given solution and will let you know\ Thanks for reply

Manish | Last updated: Jan 06, 2022 02:24PM UTC

Let me try with given solution and will let you know\ Thanks for reply

Manish | Last updated: Jan 06, 2022 02:24PM UTC

Let me try with given solution and will let you know\ Thanks for reply

Manish | Last updated: Jan 12, 2022 06:09AM UTC

I am try to add request in ATOR extension, but unable to add. When i am sending request in ATOR extension, ATOR extension is highlighted but when we saw the ATOR, there is no request added. Can you let me know how we can proceed

Uthman, PortSwigger Agent | Last updated: Jan 12, 2022 12:30PM UTC

Manish, have you tried setting your Target > Scope first? Or checking if all the panels in the extension tab have been expanded?

Manish | Last updated: Jan 12, 2022 12:50PM UTC

try to add request in ATRO after adding url in Scope

Uthman, PortSwigger Agent | Last updated: Jan 12, 2022 02:12PM UTC

Manish, can you please email support@portswigger.net so that we can assist you further?

You need to Log in to post a reply. Or register here, for free.