Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

updateCookieJar: Domain cannot be null

August | Last updated: Nov 15, 2016 12:40AM UTC

I have written an extension that submits a login, reads a cookie in the response, and adds it to the cookie jar. The cookie in the response does not include a domain attribute. Set-Cookie: token=znNMQ6l4WvwAQDdmu1rIMxWHiC84Hy4YJ4B1vgQ05oPPuKh-SxG3g_DjhfRbgaTDqMCmAFnUQ9_3M; Path=/; Expires=Wed, 16 Nov 2016 00:16:39 GMT; HttpOnly; Secure I get the cookie as an ICookie from the response: IResponseInfo responseInfo = helpers.analyzeResponse(response); List<ICookie> cookies = responseInfo.getCookies(); for (ICookie cookie : cookies) { if ("token".equals(cookie.getName()) tokenCookie = cookie; } callbacks.updateCookieJar(tokenCookie); However, when I add the cookie to the cookie jar I get a NullPointerException: java.lang.NullPointerException: Domain cannot be null at burp.uph.a(Unknown Source) at burp.axe.updateCookieJar(Unknown Source) at burp.BurpExtender.getFreshToken(BurpExtender.java:160) Is this a bug? From reading the APIs I didn't see any way to explicitly set the domain of a cookie, or how to construct a custom cookie at all. Would you consider adding these to the Extender API?

PortSwigger Agent | Last updated: Nov 15, 2016 09:42AM UTC

Thanks for this. It's perhaps a bug or at least an inconsistency in that Burp gives you a cookie object without a domain set, but asks that you provide one with it set. You can just create your own class that implements ICookie and use that when passing it back to Burp. You can use the actual domain from which the cookie was issued in the domain attribute.

Burp User | Last updated: Nov 15, 2016 09:40PM UTC