Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

updateCookieJar: Domain cannot be null

August | Last updated: Nov 15, 2016 12:40AM UTC

I have written an extension that submits a login, reads a cookie in the response, and adds it to the cookie jar. The cookie in the response does not include a domain attribute. Set-Cookie: token=znNMQ6l4WvwAQDdmu1rIMxWHiC84Hy4YJ4B1vgQ05oPPuKh-SxG3g_DjhfRbgaTDqMCmAFnUQ9_3M; Path=/; Expires=Wed, 16 Nov 2016 00:16:39 GMT; HttpOnly; Secure I get the cookie as an ICookie from the response: IResponseInfo responseInfo = helpers.analyzeResponse(response); List<ICookie> cookies = responseInfo.getCookies(); for (ICookie cookie : cookies) { if ("token".equals(cookie.getName()) tokenCookie = cookie; } callbacks.updateCookieJar(tokenCookie); However, when I add the cookie to the cookie jar I get a NullPointerException: java.lang.NullPointerException: Domain cannot be null at burp.uph.a(Unknown Source) at burp.axe.updateCookieJar(Unknown Source) at burp.BurpExtender.getFreshToken(BurpExtender.java:160) Is this a bug? From reading the APIs I didn't see any way to explicitly set the domain of a cookie, or how to construct a custom cookie at all. Would you consider adding these to the Extender API?

PortSwigger Agent | Last updated: Nov 15, 2016 09:42AM UTC

Thanks for this. It's perhaps a bug or at least an inconsistency in that Burp gives you a cookie object without a domain set, but asks that you provide one with it set. You can just create your own class that implements ICookie and use that when passing it back to Burp. You can use the actual domain from which the cookie was issued in the domain attribute.

Burp User | Last updated: Nov 15, 2016 09:40PM UTC

Implementing ICookie and setting the domain explicitly worked perfectly, thanks!

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.