Sample Burp Suite extension: Session Tokens

This example demonstrates how you can couple a recorded macro with an extension to automatically gain a session token for a website and use it in later requests that Burp makes.

The macro mechanism that Burp provides lets you record, via the proxy, the request that triggers the creation of a session. To facilitate this demo we provide a NodeJS server that allows you to inject XSS, but only for a given session.

First, to create the macro:

Burp / Project options / Sessions -> Macros -> Add

Macro UI

Upon inspection you can see in the response to the request that the webserver provides a session token, in this case as a header named X-Custom-Session-Id.

Response Session Token

Now you need to use this knowledge to build an extension. By registering using callbacks.registerSessionHandlingAction(this); and implementing the ISessionHandlingAction interface, your extension can inspect the result of the macro, which is provided in the second parameter of

public void performAction(IHttpRequestResponse currentRequest, IHttpRequestResponse[] macroItems)

The extension uses this to alter the first parameter, i.e. the current request that Burp is handling. In this case that will be a proxied request, but the same action can rewrite requests made by any of Burp's tools, e.g. the Scanner or Repeater.
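A minimal session handling action along these lines, written here as an added example and not taken from this repository's source. It assumes the server expects the token back in a request header of the same name, X-Custom-Session-Id, and that the last macro item is the one that created the session; the extension and action names are made up.

```java
package burp;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

public class BurpExtender implements IBurpExtender, ISessionHandlingAction {
    // Header name is from the README; extension and action names are illustrative.
    private static final String PREFIX = "X-Custom-Session-Id:";
    private IExtensionHelpers helpers;

    @Override
    public void registerExtenderCallbacks(IBurpExtenderCallbacks callbacks) {
        helpers = callbacks.getHelpers();
        callbacks.setExtensionName("Session token example");
        callbacks.registerSessionHandlingAction(this);
    }

    @Override
    public String getActionName() { return "Use session token from macro"; }

    // Case-insensitive match on the header name at the start of a header line.
    private static boolean isSessionHeader(String line) {
        return line.regionMatches(true, 0, PREFIX, 0, PREFIX.length());
    }

    @Override
    public void performAction(IHttpRequestResponse currentRequest,
                              IHttpRequestResponse[] macroItems) {
        if (macroItems == null || macroItems.length == 0) return;
        byte[] macroResponse = macroItems[macroItems.length - 1].getResponse();
        if (macroResponse == null) return; // macro request got no response

        String token = null;
        for (String line : helpers.analyzeResponse(macroResponse).getHeaders()) {
            if (isSessionHeader(line)) token = line.substring(PREFIX.length()).trim();
        }
        if (token == null || token.isEmpty()) return; // no token: leave request as is

        IRequestInfo info = helpers.analyzeRequest(currentRequest);
        List<String> headers = new ArrayList<>(info.getHeaders());
        headers.removeIf(BurpExtender::isSessionHeader); // drop any stale token
        headers.add(PREFIX + " " + token);

        byte[] request = currentRequest.getRequest();
        byte[] body = Arrays.copyOfRange(request, info.getBodyOffset(), request.length);
        currentRequest.setRequest(helpers.buildHttpMessage(headers, body));
    }
}
```

The action name returned by getActionName() is what appears in the rule editor when you choose to invoke an extension action after running the macro.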

Now to link these together in a Session handling rule:

Burp / Project options / Sessions -> Session Handling Rule -> Add Session handling rule

Session Handling

Now you can configure Burp to use this rule for Scanning and only when browsing the local site:

Session Proxy

Now, when performing an active scan in Burp, you will find XSS as Burp is able to carry a custom session token across requests:

XSS
