Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

Macro+soap service

Chris | Last updated: Sep 07, 2017 11:16PM UTC

Hello, I have to test a soap service. Specifically a function that deletes a token. For the deletion to be successful I need to use the function to create it. So i created a macro that runs the creation and I have set the custom position of the token. However I cannot use this token to the deletion function that I want to test. This fails probably because the parameter is not "normal" - its in xml tags. Any ideas?

PortSwigger Agent | Last updated: Sep 08, 2017 08:50AM UTC

Hi Chris, Thanks for your message. Unfortunately, session handling rules don't support XML or JSON parameters at the moment. This has been requested a few times and we are going to look at it in the coming months. I've linked your support case to the backlog story, so we'll let you know when there's progress. In the meantime you could create a simple extension to handle this. There's a similar sample here: - https://github.com/PortSwigger/example-custom-session-tokens Please let us know if you need any further assistance.

Burp User | Last updated: Sep 08, 2017 03:28PM UTC

Hi, I modified a lot the example you gave me and finally achieved my goal. Thank you very much for your excellent support :)

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.