Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Login to post

Replace/Update Cookie

ARPIT | Last updated: Dec 21, 2022 07:54PM UTC

Hi, Is there any extension, which can be invoked using the session handling rule: "invoke a Burp Extension", which can replace or update any cookie value? Thanks, Arpit

Michelle, PortSwigger Agent | Last updated: Dec 22, 2022 11:58AM UTC

Hi Can you tell us more about what you need to achieve with this? Will the cookie have the same value for each request, or will it change? Is this part of checking whether or not a session is valid? If you'd prefer to share this information directly, feel free to send an email to support@portswigger.net. If you can't see any extensions in the BApp Store that suit your needs, you can write your own: https://portswigger.net/burp/documentation/desktop/extensions/creating

ARPIT | Last updated: Dec 22, 2022 01:13PM UTC

I tend to achieve session validation with this. I am seeking to update the cookie while scanning an application, in crawling & auditing. The new cookie will be extracted from the extension: "stepper" & I want to invoke a burp extension that updates the cookie. Requirement: Burp extension that can be invoked. Extension should update the cookie.

Michelle, PortSwigger Agent | Last updated: Dec 22, 2022 05:06PM UTC

Stepper is an extension designed more as an evolution of the Repeater tool rather than something to be run as part of a session handling rule. Can you use a Burp macro and a 'Check session is valid' session handling rule to achieve what you need? https://portswigger.net/burp/documentation/desktop/settings/sessions/macros

You need to Log in to post a reply. Or register here, for free.