How to maintain an HTTP session in Burp?

My application is a single-page application. It has the following modules: add user, edit user, delete user, settings, etc.

I collected all of the URLs in the HTTP history using Burp Proxy.

I wanted to perform a scan (SQL injection, XSS) for the modules I listed.

1) First, I wanted to make sure that it was worth doing a scan at all, since the HTML and JS files are on the client side and all the logic is in the Web API.

2) How to maintain an HTTP session in all modules?

3) Can I run them automatically in sequence? How does the SOAP user interface work?

1 answer

On your point 1, I suggest yes, because JS functions are the biggest culprits for security problems; we can pass an executable request from the client if the JS makes an AJAX call. In addition, some customers require security reports, so Burp's clean status report helps with the SOW.

On point 2, you don't need to worry about the HTTP session. I used Burp Pro versions 1.5 and 1.6, and you only need to record the steps correctly for the same steps to be replayed at runtime. Burp supports browser-like session handling.

On point 3, Burp's spider begins with the sequence that you record, but after that the spider continues to fetch pages and receive responses from the servers.

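Burp's built-in session handling (the cookie jar plus a recorded login macro) covers cookie-based sessions, but a single-page application talking to a Web API often carries its session in an Authorization header instead, which the cookie jar does not track. The extension below is an added example written for this answer (not code from the original post or from PortSwigger): it captures the most recent access token from a login response and re-inserts it into requests issued by Scanner, Intruder and Repeater. The JSON field name `access_token` and the `Bearer` scheme are assumptions about the target API and should be adjusted to match yours.

```java
package burp;

import java.util.Arrays;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Uses the legacy Burp Extender API (burp.* interfaces shipped with Burp Suite).
public class BurpExtender implements IBurpExtender, IHttpListener {
    // Assumption: the login endpoint answers with JSON containing "access_token".
    private static final Pattern TOKEN =
        Pattern.compile("\"access_token\"\\s*:\\s*\"([^\"]+)\"");
    private IExtensionHelpers helpers;
    private volatile String token; // most recently observed session token

    @Override
    public void registerExtenderCallbacks(IBurpExtenderCallbacks callbacks) {
        helpers = callbacks.getHelpers();
        callbacks.setExtensionName("SPA bearer-token session keeper (example)");
        callbacks.registerHttpListener(this);
    }

    @Override
    public void processHttpMessage(int toolFlag, boolean isRequest,
                                   IHttpRequestResponse message) {
        if (!isRequest) {
            captureToken(message.getResponse()); // learn the token from any response
            return;
        }
        // Only rewrite traffic from the automated tools; leave Proxy traffic alone
        // so the browser's real session stays visible in the HTTP history.
        boolean automated = toolFlag == IBurpExtenderCallbacks.TOOL_SCANNER
            || toolFlag == IBurpExtenderCallbacks.TOOL_INTRUDER
            || toolFlag == IBurpExtenderCallbacks.TOOL_REPEATER;
        if (!automated || token == null) return;
        byte[] req = message.getRequest();
        IRequestInfo info = helpers.analyzeRequest(req);
        List<String> headers = info.getHeaders();
        headers.removeIf(h -> h.toLowerCase().startsWith("authorization:"));
        headers.add("Authorization: Bearer " + token);
        byte[] body = Arrays.copyOfRange(req, info.getBodyOffset(), req.length);
        message.setRequest(helpers.buildHttpMessage(headers, body));
    }

    private void captureToken(byte[] resp) {
        if (resp == null) return;
        IResponseInfo info = helpers.analyzeResponse(resp);
        String body = new String(resp, info.getBodyOffset(), resp.length - info.getBodyOffset());
        Matcher m = TOKEN.matcher(body);
        if (m.find()) token = m.group(1); // newest token wins, so a re-login refreshes it
    }
}
```

Pair this with a session handling rule whose macro replays the recorded login, so that when the API starts answering 401 the macro runs, the new token is captured, and the scan continues with a valid session.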

Source: https://habr.com/ru/post/1015214/
