Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Login to post

Set one cookie equal to another in intruder

Peleus | Last updated: Feb 24, 2015 12:18AM UTC

I have a situation where a cookie is set in Javascript so it's not coming up under the "set cookie" header for handling in macro's. For this post I'll refer to this cookie as "window". No problem - I know the value is always equal to the Session ID. I am also trying to create a macro that also get's a new SessionID for every request (long story). There seems to be no way you can say in Burp, let cookie A always equal the value of cookie B. I've tried several hacks and work arounds including, - In the macro's configure option I've tried Custom Paramater in Response and told "Window" to equal the grep of Session ID - No luck, does not send this value in subsequent macro requests. - Examined the cookie jar, there is no way you can set value to point to another Cookie (and be subsequently updated continuously) - In intruder I attempted recursive grep to derive the payload (i.e. grep sessionID and then set the window cookie value as the payload) - No luck as you can only grep responses, not requests. - In intruder I also tried setting the sessionID as a payload and set the Window cookie to "duplicate payload" - however you need to set some form of modification to the sessionID - you can't have it as an unmodified payload. If anyone could tell me how you can link one cookies value to always equal another I would be eternally grateful. Cheers.

PortSwigger Agent | Last updated: Feb 24, 2015 08:57AM UTC

I can't think of an obvious way to automate this using Burp's native functionality. The easiest way to do it might be via a quick extension that registers a custom session handling action, which you can then configure a session handling rule to invoke. Your custom action would need to obtain the Session ID value from the request and update the other parameter value. There are helper methods in IExtensionHelpers that can do this, so the extension should be fairly straightforward if you know a little Java, Python or Ruby. Hope that helps.

You need to Log in to post a reply. Or register here, for free.