Name is required.
Email address is required.
Invalid email address
Answer is required.
Exceeding max length of 5KB

Session dies while scanning

Syed Meer Ahmed Jun 27, 2019 12:34PM UTC

Guys, I have this very general problem. I did a search across the google, but did not find a proper solution.

This is what I have done:

I have created a session validation under Projects->Sessions
Under that, I have a macro, which checks if the session is invalidated, if yes, it would re-execute the requests, which will create a new session

So far good.

Now, when I do a scan from the target scope, I see that this micro kicks in when my session has expired and it creates a new session.

But, the problem:

The scanner, continues to use old captured sessions and fails miserably ...
How, can I pass the new session created from the macro to the subsequent requests which are in queue and fired by scanner ?

Query 2:

Also, if I had to create a new extension for this and lets say, I use processHttpMessage and I have registered the callbacks for HttpListener, but I am still confused how can I take the latest response/request which was generated by macro during session validation, which happens to have the latest session created and then pass this to all the subsequent requests that will be fired by scanner

Please assist on this, struggling a lot around this area...

Rose Krawczuk Jul 01, 2019 02:45PM UTC Support Center agent

Thanks for your message.

Please could you tell me which version of Burp are you using?

Post Your public answer

Your name
Your email address