Burp Suite User Forum

Create new post

Updating Cookie Jar based on redirected responses

Lukáš | Last updated: May 19, 2015 07:24PM UTC

Hello! I'm having troubles updating burp's internal cookie jar based on redirected responses. Eg. I send a POST request to /whatever.jsp with a cookie SESS1=123, I get a response w/ 302 Found, when I follow the redirect I get a response and a Set-Cookie: SESS1=456. Next request therefore has to be sent w/ SESS1=456 otherwise it will be dropped/denied. Functionality very similar to _csrfToken, however even when setting Options -> Sessions -> Cookie Jar and checking Repeater there the cookie does not get stored in burp's internal cookie jar. I managed to make a workaround of a post-macro that updates the cookie based on the response to the post macro response, but that makes it really slow due to additional request for every request I want to make. Any idea why cookies are not updated based on responses received in Repeater? Thanks! Lukas

PortSwigger Agent | Last updated: Jun 10, 2015 11:25AM UTC

Sorry for the slow reply to this question. Have you tried enabling the Repeater option "Process cookies in redirections"?

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.