Creating session-handling macros
In Burp Suite, the Project options tab allows testers to set up session-handling rules. A session-handling rule allows a tester to specify a set of actions Burp Suite will take in relation to session tokens or cross-site request forgery (CSRF) tokens while making HTTP requests. There is a default session-handling rule in scope for Spider and Scanner. However, in this recipe, we will create a new session-handling rule and use a macro to help us create an authenticated session from an unauthenticated one while using Repeater.
Getting ready
Using the OWASP Mutillidae II application, we will create a new Burp Suite session-handling rule, with an associated macro, to create an authenticated session from an unauthenticated one while using Repeater.
How to do it...
- Navigate to the Login page in Mutillidae. Log in to the application with the username ed and the password pentest:
Figure 10.1 – Logging in...