Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Set one cookie equal to another in intruder

Peleus | Last updated: Feb 24, 2015 12:18AM UTC

I have a situation where a cookie is set in Javascript so it's not coming up under the "set cookie" header for handling in macro's. For this post I'll refer to this cookie as "window". No problem - I know the value is always equal to the Session ID. I am also trying to create a macro that also get's a new SessionID for every request (long story). There seems to be no way you can say in Burp, let cookie A always equal the value of cookie B. I've tried several hacks and work arounds including, - In the macro's configure option I've tried Custom Paramater in Response and told "Window" to equal the grep of Session ID - No luck, does not send this value in subsequent macro requests. - Examined the cookie jar, there is no way you can set value to point to another Cookie (and be subsequently updated continuously) - In intruder I attempted recursive grep to derive the payload (i.e. grep sessionID and then set the window cookie value as the payload) - No luck as you can only grep responses, not requests. - In intruder I also tried setting the sessionID as a payload and set the Window cookie to "duplicate payload" - however you need to set some form of modification to the sessionID - you can't have it as an unmodified payload. If anyone could tell me how you can link one cookies value to always equal another I would be eternally grateful. Cheers.

PortSwigger Agent | Last updated: Feb 24, 2015 08:57AM UTC