-
Install BurpSuite Pro (or any version where extensions are enabled)
Determine which cookie(s) are required to maintain the session. It does this by making a series of requests: first establishing the request/response is predictable, next making sure cookies are required, then removing a cookie at a time until only the session cookies are left.
-
Start burp and use the Extensions tab to add the G2DetermineSessionCookie python file
-
Login into an application
-
Using the Proxy History tab right click a request/response which is somewhat reliable (will not change too much if you request it over and over) but will change if you're not logged in.
-
Select G2DetermineSessionCookie