Burp Suite Shorts | Automatic Session Handling
Summary
TLDRIn this video, Tom from the Burp Scanner development team discusses automatic session handling in Burp Scanner, a critical feature for effective web application testing. He demonstrates how Burp's crawler and audit functions maintain session continuity to ensure payloads reach the attack surface, using an example app with a limited session lifespan. Tom explains how Burp identifies session loss and re-establishes it to continue scanning, maximizing coverage and the likelihood of finding vulnerabilities like the reflected XSS shown in the example.
Takeaways
- 🔍 Tom from the Burp Scanner development team discusses automatic session handling in Burp Scanner.
- 🌐 The session handling is crucial for maintaining a valid session during the scanning process.
- 📈 An example application is used to demonstrate the importance of session handling, where a page allows only five visits before blocking further access.
- 🚫 Active scanning might fail to detect vulnerabilities if the session is not maintained properly, as payloads won't reach the application.
- 🔄 Burp Scanner can automatically handle sessions by using the information gathered during the crawling process.
- 🔎 Burp Crawler explores the application, identifies vulnerable pages, and determines the steps needed to maintain session.
- 🛑 If the scanner detects an unexpected response, it checks if the session is still valid by sending an unmodified base request.
- 🔄 If the session is lost, Burp Scanner will revert to the last successful session and re-scan to ensure maximum coverage.
- 🔗 Burp Scanner tries to find the shortest viable path to maintain the session and continue sending payloads.
- 💡 The community has shown a lot of interest in this feature, indicating its importance in effective vulnerability scanning.
Q & A
Who is the speaker in the provided transcript?
-The speaker is Tom from the Burp Scanner development team.
What is the main topic discussed in the transcript?
-The main topic is automatic session handling in Burp Scanner, particularly in the context of auditing web applications.
What is the example application in the transcript used to demonstrate?
-The example application is used to demonstrate the importance of session handling in Burp Scanner when dealing with pages that have session limits, such as allowing only five visits.
Why is session handling important in the context of the example application?
-Session handling is important because without it, the Burp Scanner might not be able to find vulnerabilities like reflections, as the session could expire before the scanner can send payloads to the page.
What happens when the session expires in the example application?
-When the session expires, the application starts returning a 400 error, indicating that the scanner's payloads are not reaching the attack surface, and thus, no vulnerabilities are found.
How does Burp Scanner handle session expiration during an audit?
-Burp Scanner detects when it is out of session by sending an unmodified base request and comparing the response. If the response is unexpected, it will attempt to reestablish the session by revisiting the full path to the location.
What does Burp Scanner do if it detects that it is out of session?
-If Burp Scanner detects it is out of session, it will revert to the last successful session, reestablish a new session, and continue sending payloads from that point.
How does Burp Scanner ensure maximum coverage during an audit?
-Burp Scanner ensures maximum coverage by continually checking if payloads are in session and rerunning any scan checks that have been seeing unsuccessful responses since the last successful session.
What is the role of the Burp Crawler in the auditing process?
-The Burp Crawler explores the application, finds vulnerable pages, and figures out the steps required to get back to those pages if the session is lost, which is then used by the audit to maintain the session.
What was the outcome of the crawl and audit in the example provided?
-The outcome was the discovery of a reflection vulnerability and a cross-site scripting vulnerability in the example application.
How can the community request more topics or suggestions for the Burp Scanner development team?
-The community can provide their suggestions or request more topics by reaching out to the Burp Scanner development team, possibly through their communication channels.
Outlines
This section is available to paid users only. Please upgrade to access this part.
Upgrade NowMindmap
This section is available to paid users only. Please upgrade to access this part.
Upgrade NowKeywords
This section is available to paid users only. Please upgrade to access this part.
Upgrade NowHighlights
This section is available to paid users only. Please upgrade to access this part.
Upgrade NowTranscripts
This section is available to paid users only. Please upgrade to access this part.
Upgrade Now5.0 / 5 (0 votes)