Burp Suite User Forum

Session validation and Loop issue

Karthik | Last updated: Sep 30, 2015 01:09PM UTC

I am active scanning a website which involves sessions. The number of threads for scanning is 5, which means 5 requests will be sent at one time. I am using a session handling rule to check if the session is valid or not.

Since I am using 5 threads, let's say Thread 1 is sent and the session handling rule finds the session invalid. So the macro will run, the login process will happen (according to the macro) and the session will become valid.

Before the above process completes, if thread 2 also fails against the session handling rules, it will try to run the macro to obtain a valid session. So this cycle repeats for every request, and there will be a new session for each request, and this might get into a loop.

How to prevent this?

We can, inside the macro, validate the session every X requests. I guess this will resolve the loop issue (if that will happen), but if we select validate session every 1 request, what will be the outcome?

PortSwigger Agent | Last updated: Oct 02, 2015 07:59AM UTC

You are right that this can lead to problems re-establishing a session. We have a pending feature request to stall all applicable threads while a session is re-established. In the meantime, you might need to reduce the thread count or choose the option to validate every X requests, as you describe.
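
A minimal model of the race discussed in this thread, as an added example that is not Burp's code or part of the original posts: five workers all observe the same dead session, and the number of logins is compared with and without stalling the other threads during re-login. The `Target` and `SessionManager` classes, and the rule that each login invalidates the previous session, are assumptions made for illustration.

```python
import threading

class Target:
    # Constructed stand-in for the scanned app. Assumption: each login
    # issues a new session and invalidates the previous one.
    def __init__(self):
        self.logins = 0
        self.valid = None
        self._lock = threading.Lock()

    def login(self):
        with self._lock:
            self.logins += 1
            self.valid = f"sess-{self.logins}"
            return self.valid

class SessionManager:
    def __init__(self, target, single_flight):
        self.target = target
        self.single_flight = single_flight
        self.token = "expired"
        self.generation = 0              # bumped once per successful re-login
        self._relogin = threading.Lock()

    def recover(self, seen_generation):
        if not self.single_flight:
            # Every thread that saw an invalid session runs the login itself.
            self.token = self.target.login()
            return
        with self._relogin:              # other threads stall here
            if self.generation == seen_generation:   # nobody has fixed it yet
                self.token = self.target.login()
                self.generation += 1
            # else: another thread already re-established the session

def run_scan(threads, single_flight):
    target = Target()
    mgr = SessionManager(target, single_flight)
    barrier = threading.Barrier(threads)

    def worker():
        seen = mgr.generation   # all workers observe the same dead session
        barrier.wait()          # ...before any of them starts recovering
        mgr.recover(seen)

    pool = [threading.Thread(target=worker) for _ in range(threads)]
    for t in pool:
        t.start()
    for t in pool:
        t.join()
    return target.logins, mgr.token == target.valid
```

`run_scan(5, False)` performs 5 logins for a single expired session, while `run_scan(5, True)` performs 1 and leaves every worker holding the current token.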
