In Burp, the Project options tab allows testers to set up session-handling rules. A session-handling rule allows a tester to specify a set of actions Burp will take in relation to session tokens or CSRF tokens while making HTTP Requests. There is a default session-handling rule in scope for Spider and Scanner. However, in this recipe, we will create a new session-handling rule and use a macro to help us create an authenticated session from an unauthenticated one while using Repeater.
- Title Page
- Copyright and Credits
- Packt Upsell
- Contributors
- Preface
- Getting Started with Burp Suite
- Getting to Know the Burp Suite of Tools
- Configuring, Spidering, Scanning, and Reporting with Burp
- Assessing Authentication Schemes
- Assessing Authorization Checks
- Assessing Session Management Mechanisms
- Assessing Business Logic
- Evaluating Input Validation Checks
- Attacking the Client
- Working with Burp Macros and Extensions
- Implementing Advanced Topic Attacks
- Other Books You May Enjoy
Creating session-handling macros
-
No Comment
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.