...

/

Extension Example 2: Custom Session Tokens

Extension Example 2: Custom Session Tokens

We will learn how Burp suite extender APIs can be used to create plugins to modify session-related information.

This lesson comes with a demo server to test the developed plugin. The application server code can be found here. Just run this server as node server.js. This will spin up the server at port 8000.

If we carefully observe the server.js file, we will notice that session information is stored in the SESSION_ID_KEY variable, which points to X-Custom-Session-Id.

const
...