My application is a single page application. It has the following modules: Add User, Edit User, Delete User, Settings, etc.

I have collected all the URLs in the HTTP history using Burp Proxy.

I wanted to do a scan, SQL injection and XSS for the modules that I pointed out.

1) First I wanted to make sure whether it is worth doing the scanning, as the HTML and JS files are on the client side and all the logic is in the Web API.

2) How do I maintain an HTTP session across all the modules?

3) Can I run it automatically and sequentially, like SoapUI does?

ChanGan

1 Answer


On your point 1, I suggest yes, because the JS functions are the biggest culprits in security issues; we can pass an executable query from the client if the JS is making the AJAX call. Also, some customers demand the security reports, so a clean Burp report helps in the SOW.

On point 2, you don't need to worry about the HTTP session. I used Burp Pro versions 1.5 and 1.6, and you only need to record the steps correctly so that during execution it follows the same steps. Burp supports all the session handling, similar to a browser.

On point 3, Burp Spider starts with the sequence you record, but after that the spider goes on the load and responses from the servers.
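To make the session point from question 2 and the answer concrete, here is an added example in Python; it is not code from the question or the answer, and it does not reimplement Burp's own session handling or Spider. It replays a recorded sequence of the question's modules (Add User, Edit User, Delete User, Settings) in order against a constructed in-process Web API, carrying the session cookie and a CSRF token across steps, and re-running the recorded login step when the API answers 401, which is what a Burp session handling rule with a login macro does for the scanner. The endpoints (`/api/login`, `/api/users`, `/api/settings`), the cookie name `session` and the `X-CSRF-Token` header are assumptions of this example, not something the page states.

```python
"""Session-aware sequential replay of a recorded SPA request sequence (added example;
not from the question or answer, not Burp's code; the Web API and names are constructed)."""
import json
import secrets
import threading
import urllib.error
import urllib.request
from http.cookiejar import CookieJar
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

SESSIONS = {}  # server-side state: session id -> CSRF token (constructed stand-in)


class FakeWebApi(BaseHTTPRequestHandler):
    """Stand-in backend: login issues a session cookie plus CSRF token; modules need both."""

    def _send(self, status, payload, set_cookie=None):
        body = json.dumps(payload).encode()
        self.send_response(status)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(body)))
        if set_cookie:
            self.send_header("Set-Cookie", set_cookie)
        self.end_headers()
        self.wfile.write(body)

    def _handle(self):
        self.rfile.read(int(self.headers.get("Content-Length", 0)))  # drain the request body
        if self.command == "POST" and self.path == "/api/login":
            sid, csrf = secrets.token_hex(8), secrets.token_hex(8)
            SESSIONS[sid] = csrf
            return self._send(200, {"csrf": csrf}, f"session={sid}; Path=/; HttpOnly")
        cookie = self.headers.get("Cookie", "")
        sid = dict(p.strip().split("=", 1) for p in cookie.split(";") if "=" in p).get("session")
        if sid not in SESSIONS or self.headers.get("X-CSRF-Token") != SESSIONS[sid]:
            return self._send(401, {"error": "no valid session"})
        self._send(200, {"ok": True, "module": f"{self.command} {self.path}"})

    do_POST = do_PUT = do_DELETE = _handle
    log_message = lambda self, *_args: None  # keep the demo output quiet


class SessionReplay:
    """Replays recorded steps in order with one cookie jar and CSRF token shared across
    modules; on 401 it re-runs the login step and retries, like a Burp login macro."""

    def __init__(self, base_url, login_step):
        self.base_url, self.login_step, self.csrf, self.logins = base_url, login_step, None, 0
        self.opener = urllib.request.build_opener(urllib.request.HTTPCookieProcessor(CookieJar()))

    def _call(self, method, path, body=None):
        headers = {"Content-Type": "application/json"}
        if self.csrf:
            headers["X-CSRF-Token"] = self.csrf
        data = json.dumps(body).encode() if body is not None else None
        req = urllib.request.Request(self.base_url + path, data=data, headers=headers, method=method)
        try:
            with self.opener.open(req, timeout=5) as resp:
                return resp.status, json.loads(resp.read())
        except urllib.error.HTTPError as err:
            return err.code, json.loads(err.read() or b"{}")

    def login(self):
        self.logins += 1
        _, payload = self._call(*self.login_step)
        self.csrf = payload.get("csrf")

    def run(self, steps, recover=True):
        statuses = []
        for method, path, body in steps:
            status, _ = self._call(method, path, body)
            if status == 401 and recover:
                self.login()
                status, _ = self._call(method, path, body)
            statuses.append(status)
        return statuses


RECORDED_STEPS = [  # constructed recording of the question's modules
    ("POST", "/api/users", {"name": "alice"}),    # Add User
    ("PUT", "/api/users/1", {"name": "alice2"}),  # Edit User
    ("DELETE", "/api/users/1", None),             # Delete User
    ("PUT", "/api/settings", {"theme": "dark"}),  # Settings
]
LOGIN_STEP = ("POST", "/api/login", {"user": "tester", "password": "constructed"})


def demo():
    server = ThreadingHTTPServer(("127.0.0.1", 0), FakeWebApi)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    base_url = f"http://127.0.0.1:{server.server_address[1]}"
    try:
        # Naive replay of the recorded URLs: no login, no cookie -> every module call is 401.
        naive = SessionReplay(base_url, LOGIN_STEP).run(RECORDED_STEPS, recover=False)
        replay = SessionReplay(base_url, LOGIN_STEP)
        replay.login()
        first_pass = replay.run(RECORDED_STEPS)
        SESSIONS.clear()  # server drops the session mid-run; the login macro recovers
        second_pass = replay.run(RECORDED_STEPS)
    finally:
        server.shutdown()
    return dict(naive=naive, first_pass=first_pass, second_pass=second_pass, logins=replay.logins)
```

Calling `demo()` shows the two failure modes an automated scan of an SPA backend runs into: the naive replay gets 401 on every module, so any injection checks sent that way would only be testing the login wall rather than the Add/Edit/Delete User and Settings handlers; and when the server drops the session part-way through, the sequence only completes because the 401 is recognised and the recorded login step is re-run before the failing step is retried, which is the check worth confirming in a scanner's session handling before trusting its report.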