Session Timeout Test Extension for Burp Suite

This Burp Suite plugin attempts to determine how long it takes for a session to timeout at the server. It issues the same request multiple times at increasing period until a string in the response is matched. It is written completely in Java and takes advantage of the Burp 1.5.x Extender API.

How to use the extension:

Step 1: Choose a request to test, and select Test for Session Timeout from the context menu:

Session Timeout Test - Step 1

Step 2:Enter the match string which will indicate a session timeout, the minimum and maximum session duration, and the testing interval, and click START TEST:

Session Timeout Test - Step 2

Step 3: The extension issues a request at 15 minutes, 20 minutes, 25 minutes, etc, until the match string is detected in the response:

Session Timeout Test - Step 3

Using the same session again during the test will invalidate the results, so set it up and let it run overnight for 'Fire and Forget' testing!

I'd be interested in any feedback, please contact me.

Download binary Source code is availabe on Google Code.

Burp Suite 1.5.x required for use.