Comments on: Re-login plugin for Burp Suite http://chirashi.zensay.com/2009/05/re-login-plugin-for-burp-suite/ a blog with scattered thoughts on security. Fri, 03 Sep 2010 13:45:08 +0000 http://wordpress.org/?v=2.9.2 hourly 1 By: Ch0pstick http://chirashi.zensay.com/2009/05/re-login-plugin-for-burp-suite/comment-page-1/#comment-290 Ch0pstick Sat, 26 Jun 2010 18:46:16 +0000 http://chirashi.zensay.com/?p=10#comment-290 In theory, this should work for all requests. The plugin looks for a specific pattern in the response body, if found, then it knows that the session has been invalidated. Then, the plugin will attempt to re-login to the web app. In my case, the login process was tedious and time consuming. The plugin cut my testing time by a third; mainly because the F5 BigIP was set to 'anal' mode. In theory, this should work for all requests. The plugin looks for a specific pattern in the response body, if found, then it knows that the session has been invalidated. Then, the plugin will attempt to re-login to the web app. In my case, the login process was tedious and time consuming. The plugin cut my testing time by a third; mainly because the F5 BigIP was set to 'anal' mode.

]]> By: yarrrr http://chirashi.zensay.com/2009/05/re-login-plugin-for-burp-suite/comment-page-1/#comment-289 yarrrr Sat, 26 Jun 2010 16:13:43 +0000 http://chirashi.zensay.com/?p=10#comment-289 I take it this doesn't rewrite queued requests in the scanner? as in, this is purely for manual poking? I take it this doesn't rewrite queued requests in the scanner? as in, this is purely for manual poking?

]]> By: Chirashi Security » I’m speaking at Hack In The Box 2009! http://chirashi.zensay.com/2009/05/re-login-plugin-for-burp-suite/comment-page-1/#comment-68 Chirashi Security » I’m speaking at Hack In The Box 2009! Tue, 04 Aug 2009 10:01:07 +0000 http://chirashi.zensay.com/?p=10#comment-68 [...] Training track precedes the con and is another great way of picking up some m4d l33t sk1llz.  I wrote a post on Burp Suite that talked a little bit about the Web Application Hackers Handbook and one of its [...] [...] Training track precedes the con and is another great way of picking up some m4d l33t sk1llz.  I wrote a post on Burp Suite that talked a little bit about the Web Application Hackers Handbook and one of its [...]

]]> By: Chopstick http://chirashi.zensay.com/2009/05/re-login-plugin-for-burp-suite/comment-page-1/#comment-6 Chopstick Wed, 13 May 2009 05:39:00 +0000 http://chirashi.zensay.com/?p=10#comment-6 Herro!<br /><br />Arigato gozaimasu! You're too kind. Herro!

Arigato gozaimasu! You’re too kind.

]]> By: Anonymous http://chirashi.zensay.com/2009/05/re-login-plugin-for-burp-suite/comment-page-1/#comment-5 Anonymous Tue, 12 May 2009 16:17:00 +0000 http://chirashi.zensay.com/?p=10#comment-5 Hey!<br /><br />Nice stuff man. <br /><br />You should realeaze this under your own moniker for phun and proaphit. Hey!

Nice stuff man.

You should realeaze this under your own moniker for phun and proaphit.

]]>