Name is required.
Email address is required.
Invalid email address
Answer is required.
Exceeding max length of 5KB

2.0.09beta - Cookie Jar does not update with scanner

Jonathon orr Oct 25, 2018 10:32AM UTC

The cookie jar does not appear to update with cookies received during active scans.

The project options were configured to update the cookie jar from both the proxy and scanner. The proxy was working as expected, however no updates were occurring when a scan was running. The application being scanned updates the cookie upon each request therefore updates should have been occurring constantly.

I attempted enabling this setting both during and before running a scan, however neither method had any effect.

I tested this in the last (pre-beta) version of burp I have, 1.7.37, and the cookie jar was being updated as expected when performing the same scan.

Paul Johnston Oct 26, 2018 01:24PM UTC Support Center agent

If you are using the new “Crawl & audit” feature this is expected behavior. The new crawler and path-aware scanner handles cookies separately. Perhaps we should communicate this in the UI more clearly, but the behavior will not change – it’s just not possible to reconcile a simple cookie jar with the more advanced session handling logic.

If you use “Audit selected items” then the cookie jar is updated just like in Burp 1.

Post Your public answer

Your name
Your email address