Discover content requests with cookies

Mark Feb 04, 2015 10:53AM UTC


Is it possible to "Discover Content" using valid cookies to test for authenticated pages? I've run several sessions after using the "Discover Content" context menu from a request with a valid cookie, however the cookies do not seem to be used in the brute forcing.



Mark Feb 04, 2015 11:12AM UTC
Hello again,

It would seem posting made me find part of the answer....

By using Options > Sessions I've been able to manually force a specific cookie, could this be picked up from the request when using a context menu?

The next problem is that the session instantly found the logout function and invalidated the session. Would it be possible for "Discover Content" to inherit the Target > Scope settings to exclude certain files, e.g. logout?



Dafydd Stuttard Feb 05, 2015 12:31PM UTC Support Center agent

The content discovery feature is scoped based on a start URL, and includes everything below that (rather than being based on target scope, like the Spider). One workaround would be to use the option at Options / Connections / Out of scope requests to drop requests that are made (anywhere within Burp) to a specific logout URL (or other suitable scope).

Praveen Jul 18, 2017 06:48AM UTC
Hi Mark,

I could not understand the solution you found. If I understood correctly, you tried to create a new rule from Project Options -> Sessions -> Session Handling rules -> add

rule action -> use cookie from cookie jar
Scope -> tool; however, I could not find the Content discover tool listed in scope.

Am I missing something?

Liam Tai-Hogan Jul 18, 2017 10:42AM UTC Support Center agent

Have you tried using the option Project Options > Sessions > Session Handling rules > Edit > Scope > Target?
