Set one cookie equal to another in intruder
There seems to be no way you can say in Burp, let cookie A always equal the value of cookie B. I've tried several hacks and work arounds including,
- In the macro's configure option I've tried Custom Paramater in Response and told "Window" to equal the grep of Session ID - No luck, does not send this value in subsequent macro requests.
- Examined the cookie jar, there is no way you can set value to point to another Cookie (and be subsequently updated continuously)
- In intruder I attempted recursive grep to derive the payload (i.e. grep sessionID and then set the window cookie value as the payload) - No luck as you can only grep responses, not requests.
- In intruder I also tried setting the sessionID as a payload and set the Window cookie to "duplicate payload" - however you need to set some form of modification to the sessionID - you can't have it as an unmodified payload.
If anyone could tell me how you can link one cookies value to always equal another I would be eternally grateful.
I can’t think of an obvious way to automate this using Burp’s native functionality. The easiest way to do it might be via a quick extension that registers a custom session handling action, which you can then configure a session handling rule to invoke. Your custom action would need to obtain the Session ID value from the request and update the other parameter value. There are helper methods in IExtensionHelpers that can do this, so the extension should be fairly straightforward if you know a little Java, Python or Ruby.
Hope that helps.