The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Session expiry and passing of new session while scanning

Syed | Last updated: Jun 28, 2019 04:50PM UTC

Guys, I have this very general problem. I did a search across the google, but did not find a proper solution. This is what I have done: I have created a session validation under Projects->Sessions Under that, I have a macro, which checks if the session is invalidated, if yes, it would re-execute the requests, which will create a new session So far good. Now, when I do a scan from the target scope, I see that this micro kicks in when my session has expired and it creates a new session. But, the problem: The scanner, continues to use old captured sessions and fails miserably ... How, can I pass the new session created from the macro to the subsequent requests which are in queue and fired by scanner ? Query 2: Also, if I had to create a new extension for this and lets say, I use processHttpMessage and I have registered the callbacks for HttpListener, but I am still confused how can I take the latest response/request which was generated by macro during session validation, which happens to have the latest session created and then pass this to all the subsequent requests that will be fired by scanner Please assist on this, struggling a lot around this area...

Liam, PortSwigger Agent | Last updated: Jul 01, 2019 09:59AM UTC