burp-paramalyzer

Cookies tab doesn't honor the defined scope

Open ngregoire opened this issue 5 years ago • 0 comments

Hello,

the "Cookies" tab will list all cookies stored in the Proxy History, even if the corresponding messages aren't in scope. The bug is in method firstPass(), where isInScope() is checked only for parameters.

private void firstPass(IExtensionHelpers helpers, IHttpRequestResponse[] messages) {
        [...]
        //  Analyze response for cookies
        if(messages[i].getResponse() != null) {
            IResponseInfo responseInfo = helpers.analyzeResponse(messages[i].getResponse());
            List<String> headers = responseInfo.getHeaders();
            for (String header: headers){
                if (startsWithIgnoreCase(header, "set-cookie:")) {
                    processCookieHeader(header);
                }
            }
        }
        [...]

ngregoire Jan 22 '20 17:01
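One way to apply the scope check to the response-cookie pass described in this issue, as an added example that is not the project's code. The `Message` record, `collectCookieHeaders` and the sample history are constructed for illustration, and the `inScope` predicate stands in for Burp's `IBurpExtenderCallbacks.isInScope(URL)`.

```java
import java.net.URI;
import java.net.URL;
import java.util.ArrayList;
import java.util.List;
import java.util.function.Predicate;

public class ScopedCookiePass {
    private static final String PREFIX = "set-cookie:";

    // Constructed stand-in for one Proxy History entry:
    // the request URL plus the response headers (null when there is no response).
    record Message(URL url, List<String> responseHeaders) {}

    // Returns only the Set-Cookie headers that belong to in-scope messages.
    // Inside a Burp extension the predicate would be callbacks::isInScope.
    static List<String> collectCookieHeaders(List<Message> messages, Predicate<URL> inScope) {
        List<String> cookies = new ArrayList<>();
        for (Message m : messages) {
            // Scope guard runs before the response is looked at, so
            // out-of-scope hosts never reach the cookie analysis.
            if (m.url() == null || !inScope.test(m.url())) continue;
            if (m.responseHeaders() == null) continue;
            for (String header : m.responseHeaders()) {
                // Case-insensitive prefix match, as in the original snippet
                if (header.regionMatches(true, 0, PREFIX, 0, PREFIX.length())) {
                    cookies.add(header);
                }
            }
        }
        return cookies;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample history: two in-scope entries, one out-of-scope
        List<Message> history = List.of(
            new Message(URI.create("https://app.example.test/login").toURL(),
                        List.of("HTTP/1.1 200 OK", "Set-Cookie: session=abc; HttpOnly")),
            new Message(URI.create("https://tracker.example.net/pixel").toURL(),
                        List.of("HTTP/1.1 200 OK", "set-cookie: uid=123")),
            new Message(URI.create("https://app.example.test/ping").toURL(), null));
        Predicate<URL> scope = u -> u.getHost().equals("app.example.test");
        // Only the cookie set by app.example.test is listed
        System.out.println(collectCookieHeaders(history, scope));
    }
}
```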