Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

remove cookie parameter from Burp suite Match and Replace

satan | Last updated: Feb 01, 2022 06:35AM UTC

I am trying to remove unnecessary google and facebook cookies in my application request, i've tried Match: (cookie=[^;]+); Replace: but didnt work

Uthman, PortSwigger Agent | Last updated: Feb 01, 2022 11:46AM UTC

Hi Satan,

Can you clarify whether you want to remove this in the Proxy whilst you browse the site? Or elsewhere in Burp?

Can you provide a sample of a request? Are you trying to remove all the cookies or specific ones?

Your current regex would only match a cookie like this:

cookie: name=value;

It wouldn't match the examples here:

Cookie: <cookie-list>
Cookie: name=value
Cookie: name=value; name2=value2; name3=value3

satan | Last updated: Feb 07, 2022 11:23AM UTC

i would like to remove the google and facebook cookies before arriving in my proxy tab. i have cookie like this Cookie: name=value; name2=value2; name3=value3 and would like to remove specific cookie parameter like name2=value2 entirely from the upcoming requests

satan | Last updated: Feb 07, 2022 11:28AM UTC

my aim to to remove cookies which are unwanted before they are populated in the proxy tab, so that my request looks clean

Uthman, PortSwigger Agent | Last updated: Feb 07, 2022 11:47AM UTC

Thanks for clarifying that.

I would try something like this: 
 name2=.*;

Replace 'name2' with the name of the second cookie.

The regex to remove okta-oauth-nonce=test; from the example below would look like okta-oauth-nonce=.*;
Cookie: okta-oauth-redirect-params=testparams; okta-oauth-nonce=test; okta-oauth-state=test1

Uthman, PortSwigger Agent | Last updated: Feb 07, 2022 12:28PM UTC 

I tried by using this but the cookie is still populated in my proxy tab
MATCH AND REPLACE
Type: Request Header
Match: okta-oauth-nonce=.*;
Replace:
Regex: true

Cookie parameter okta-oauth-nonce will be removed and not populated in my proxy tab right?
In relation to the query above, please see below:

It will still populate the HTTP History, you'll need to select the Dropdown next to Original request > Select Auto-modified request. The auto modified request tab shows the final request that was sent. You can use the Logger to confirm this.

If you want to remove the cookies before they hit the Proxy tab, you may need to send them to another tool first > Set an upstream proxy from that tool to Burp.

satan | Last updated: Feb 07, 2022 12:40PM UTC

yeah this worked for me

Uthman, PortSwigger Agent | Last updated: Feb 07, 2022 01:32PM UTC

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.