Скачать или смотреть Update requests with rotated session after user logs out | Burp Suite Pro | Cookies & Authorization

Hi everyone,

I was recently pentesting an application and it kept logging me out whenever I ran active scanning on one of the endpoints, now, with the unauthenticated requests, we aren't going to get any results!

The solution was to keep logging in again and again and keep rotating the session and then include those updated cookies & authentication values in the response. But how? I spent almost a day trying to figure it out, once I figured our Cookies can be handled by BurpSuite, the next obstacle was Authorization Header.

This video shows how to do that. I've added timestamps to make it easy to fit your situation.

00:26 | Problem statement
01:45 | Video Chapters
02:30 | Fetching Cookies dynamically
11:21 | Fetching Authorization header dynamically

--

Flask code (PR): https://github.com/lorenzog/burpAddCu...
Add Custom Header Extension: https://github.com/lorenzog/burpAddCu...
Question on Burp Suite User Forum: https://forum.portswigger.net/thread/...

--

Can find me at:

Umar_0x01#0079
  / syed__umar  
  / syedumararfeen  

#BurpSuite