Session Timeout Test Extension for Burp Suite
This Burp Suite plugin attempts to determine how long it takes for a session to time out at the server. It issues the same request multiple times at increasing intervals until a string in the response is matched. It is written entirely in Java and takes advantage of the Burp 1.5.x Extender API.
How to use the extension:
Step 1: Choose a request to test, and select Test for Session Timeout from the context menu:
Step 2: Enter the match string which will indicate a session timeout, the minimum and maximum session duration, and the testing interval, and click START TEST:
Step 3: The extension issues a request at 15 minutes, 20 minutes, 25 minutes, etc., until the match string is detected in the response:
Using the same session again during the test will invalidate the results, so set it up and let it run overnight for 'Fire and Forget' testing!
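The probing loop from the steps above, as an added Python simulation (not the extension's Java source). It shows that the result is a bracket between the longest idle wait that survived and the first that expired, and how other traffic on the same session skews it. SimulatedServer, find_timeout, the marker string and the idle-timeout model (each request on a live session resets the server's idle timer, and each probe follows an idle wait of the stated length) are assumptions made for illustration.

```python
# Added illustration, not the extension's code. Times are in minutes.

class SimulatedServer:
    """Constructed stand-in for the target application (assumed idle-timeout model)."""

    def __init__(self, idle_timeout, marker="Please log in"):
        self.idle_timeout = idle_timeout
        self.marker = marker      # the "match string" entered in Step 2
        self.last_seen = 0.0      # time of the last request on a live session
        self.alive = True

    def request(self, now):
        # The session expires once it has been idle longer than the timeout.
        if self.alive and now - self.last_seen > self.idle_timeout:
            self.alive = False
        if not self.alive:
            return "302 Found: " + self.marker
        self.last_seen = now      # any request on a live session resets the timer
        return "200 OK: account page"


def find_timeout(server, match, minimum, maximum, interval, interference=None):
    """Probe after idle waits of minimum, minimum+interval, ... up to maximum.

    Returns (longest wait survived, first wait that expired); the second value
    is None if the session outlived the maximum. `interference` (0..1) models
    someone else using the same session that fraction of the way into each wait.
    """
    now, survived, wait = 0.0, None, minimum
    while wait <= maximum:
        if interference is not None:
            server.request(now + wait * interference)   # unrelated use of the session
        now += wait
        if match in server.request(now):
            return survived, wait
        survived = wait
        wait += interval
    return survived, None


if __name__ == "__main__":
    print(find_timeout(SimulatedServer(22), "Please log in", 15, 60, 5))
    print(find_timeout(SimulatedServer(22), "Please log in", 15, 60, 5, interference=0.5))
```

With a constructed 22-minute timeout the clean run reports the bracket (20, 25), while the run with mid-wait traffic reports (40, 45), which is why the session must be left untouched during the test.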
I'd be interested in any feedback; please contact me.
Burp Suite 1.5.x required for use.