Skip to content

Instantly share code, notes, and snippets.

Created January 24, 2018 20:49
  • Star 0 You must be signed in to star a gist
  • Fork 1 You must be signed in to fork a gist
Star You must be signed in to star a gist
What would you like to do?
Sample code to go with the Burp Macro blog post at
$message = "";
if (array_key_exists ("token", $_POST) && array_key_exists ("token", $_SESSION)) {
if (array_key_exists ("token", $_SESSION)) {
if ($_POST['token'] == $_SESSION['token']) {
$message = "Success";
} else {
$message = "Tokens don't match";
} else {
$message = "Token not in session";
} else {
$message = "Token not sent in POST";
$token = md5(mt_rand());
$_SESSION['token'] = $token;
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "">
<html xmlns="" xml:lang="en" lang="en">
<title>Burp Suite Macro Demo Test Page</title>
<meta name="Description" content="A page to use to practice with Burp Suite macros and session handling" />
<h1>Burp Suite Macro Test Form</h1>
<p>This form is designed to be used alongside the <a href="">Burp Macros and Session Handling</a> blog post by <a href="">Robin Wood</a>.</p>
<form method="post" action="<?=htmlentities ($_SERVER['PHP_SELF'])?>">
<input type="submit" value="Submit" name="submit" />
<input type="hidden" value="" name="token" id="token" />
document.getElementById("token").value = "<?=htmlentities ($token)?>";
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment