Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

New Post View All

Feature Requests

New Post View All

Burp Extensions

New Post View All

Bug Reports

New Post View All

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Full Documentation Contents Burp Projects
Suite Functions Burp Tools
Options Using Burp Suite

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

API documentation Writing your first Burp Suite extension
Sample extensions View community discussions about Extensibility
Name is required.
Email address is required.
Invalid email address
Answer is required.
Exceeding max length of 5KB

2.0.09beta - Cookie Jar does not update with scanner

Jonathon orr Oct 25, 2018 10:32AM UTC

The cookie jar does not appear to update with cookies received during active scans.

The project options were configured to update the cookie jar from both the proxy and scanner. The proxy was working as expected, however no updates were occurring when a scan was running. The application being scanned updates the cookie upon each request therefore updates should have been occurring constantly.

I attempted enabling this setting both during and before running a scan, however neither method had any effect.

I tested this in the last (pre-beta) version of burp I have, 1.7.37, and the cookie jar was being updated as expected when performing the same scan.

Paul Johnston Oct 26, 2018 01:24PM UTC Support Center agent

If you are using the new “Crawl & audit” feature this is expected behavior. The new crawler and path-aware scanner handles cookies separately. Perhaps we should communicate this in the UI more clearly, but the behavior will not change – it’s just not possible to reconcile a simple cookie jar with the more advanced session handling logic.

If you use “Audit selected items” then the cookie jar is updated just like in Burp 1.

Post Your public answer

Your name
Your email address