Issue when parsing cookie

[matiassequeira]

Hello!

The following response:

HTTP/2 302 Found
Vary: Origin
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: Set-Cookie
Strict-Transport-Security: max-age=31536000;includeSubDomains;preload
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block
Set-Cookie: xsrf-token=aa7b0494-9f22-XXX; Path=/new; Secure; SameSite=None
X-Frame-Options: SAMEORIGIN
Location: /REDACTED
Content-Length: 0
Date: Fri, 04 Mar 2022 16:21:17 GMT

Is not being picked up by the tool. Could this be due to the fact that there's a Set-Cookie value before this?

EDIT: My session looks like this:

[simioni87]

Hi! I assume this is due to the redirection. The Burp Extender API method makeHttpRequest probably follows the redirection automatically and therfore the final response is processed for extraction. Could be difficult to investiagte on this. Hint: You don't have to define the Cookie Header with the insertion point to replace the extracted Cookie. This will be done with the specified parameter automatically...

[matiassequeira]

Hi, thanks for your response! I'm currently writing a Burp extension and if I correctly recall, makeHttpRequest does not follow redirects. Regarding your hint: so if I understood correctly, the "Headers to replace" field could be empty?

[simioni87]

You are right, redirects will not be followed. However, I am not able to reproduce the issue. Extracting the cookie on redirects works for me:

Probably you run into some issues because you have additional set the Cookie header in the "Headers to replace" field. Leave this field empty if you specify the Cookie as a parameter.

[simioni87]

Issue will be closed, see comment above...