Burp Suite User Forum

Login to post

Session dies while scanning

Syed | Last updated: Jun 27, 2019 12:34PM UTC

Guys, I have this very general problem. I did a search across the google, but did not find a proper solution. This is what I have done: I have created a session validation under Projects->Sessions Under that, I have a macro, which checks if the session is invalidated, if yes, it would re-execute the requests, which will create a new session So far good. Now, when I do a scan from the target scope, I see that this micro kicks in when my session has expired and it creates a new session. But, the problem: The scanner, continues to use old captured sessions and fails miserably ... How, can I pass the new session created from the macro to the subsequent requests which are in queue and fired by scanner ? Query 2: Also, if I had to create a new extension for this and lets say, I use processHttpMessage and I have registered the callbacks for HttpListener, but I am still confused how can I take the latest response/request which was generated by macro during session validation, which happens to have the latest session created and then pass this to all the subsequent requests that will be fired by scanner Please assist on this, struggling a lot around this area...

Rose, PortSwigger Agent | Last updated: Jun 27, 2019 01:30PM UTC

Thanks for your message. Please could you tell me which version of Burp are you using?

You need to Log in to post a reply. Or register here, for free.