JGillam / burp-paramalyzer

Paramalyzer - Burp extension for parameter analysis of large-scale web application penetration tests.
http://jgillam.github.io/burp-paramalyzer/

Cookies tab doesn't honor the defined scope #20

Status: Closed (ngregoire closed this issue 6 months ago)

ngregoire commented 4 years ago

Hello,

the "Cookies" tab will list all cookies stored in the Proxy History, even if the corresponding messages aren't in scope. The bug is in method firstPass(), where isInScope() is checked only for parameters.

```java
private void firstPass(IExtensionHelpers helpers, IHttpRequestResponse[] messages) {
    [...]
    // Analyze response for cookies.
    // Note: unlike the parameter handling above, there is no isInScope() check
    // before the Set-Cookie headers are processed, so out-of-scope cookies are
    // collected too.
    if (messages[i].getResponse() != null) {
        IResponseInfo responseInfo = helpers.analyzeResponse(messages[i].getResponse());
        List<String> headers = responseInfo.getHeaders();
        for (String header : headers) {
            if (startsWithIgnoreCase(header, "set-cookie:")) {
                processCookieHeader(header);
            }
        }
    }
    [...]
}
```
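For reference, here is what the cookie loop looks like with the same scope gate the parameter handling already applies. This is an added example, not Paramalyzer's code and not the fix that shipped in the project; it assumes the Burp Extender API (the `burp` package: IBurpExtenderCallbacks, IExtensionHelpers, IHttpRequestResponse, IRequestInfo, IResponseInfo), and `ScopedCookieCollector` / `collectSetCookieHeaders` are hypothetical names. It compiles against the Burp Extender API jar and is meant to be called from an extension, so it cannot run on its own outside Burp.

```java
package burp;

import java.net.URL;
import java.util.ArrayList;
import java.util.List;

// Added example (not Paramalyzer's own code): the Set-Cookie collection from
// firstPass() gated on the Burp target scope, mirroring the check that the
// parameter branch already performs. Class and method names are hypothetical.
public class ScopedCookieCollector {

    private final IBurpExtenderCallbacks callbacks;
    private final IExtensionHelpers helpers;

    public ScopedCookieCollector(IBurpExtenderCallbacks callbacks) {
        this.callbacks = callbacks;
        this.helpers = callbacks.getHelpers();
    }

    /**
     * Returns the Set-Cookie header values of every message whose request URL
     * is in scope. Messages without a request or a response are skipped.
     */
    public List<String> collectSetCookieHeaders(IHttpRequestResponse[] messages) {
        List<String> setCookies = new ArrayList<>();
        final String prefix = "Set-Cookie:";

        for (IHttpRequestResponse message : messages) {
            if (message.getRequest() == null || message.getResponse() == null) {
                continue;
            }

            // Scope is a property of the request URL, so derive it from the
            // request even though the cookies are read from the response.
            IRequestInfo requestInfo = helpers.analyzeRequest(message);
            URL url = requestInfo.getUrl();
            if (!callbacks.isInScope(url)) {
                continue; // the check the original cookie loop does not perform
            }

            IResponseInfo responseInfo = helpers.analyzeResponse(message.getResponse());
            for (String header : responseInfo.getHeaders()) {
                // Case-insensitive header-name match, like startsWithIgnoreCase()
                if (header.regionMatches(true, 0, prefix, 0, prefix.length())) {
                    setCookies.add(header.substring(prefix.length()).trim());
                }
            }
        }
        return setCookies;
    }
}
```

The scope decision is taken once per message, before any header is parsed, so a message that is out of scope contributes neither parameters nor cookies; using `analyzeRequest(IHttpRequestResponse)` rather than the `byte[]` overload is what makes `getUrl()` available for the `isInScope(URL)` call.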
JGillam commented 6 months ago

I believe this was resolved in v2.2.2, but I forgot to close this issue.