Stay tuned for part 2!
I have found, however, that my frustrations come from maintaining multiple sessions, tracking changing session cookies, and easily grabbing cookies from different sessions. We have a few options for making this process simpler, and I wanted to share some tips on them.
Modern versions of Chrome and Firefox can create different profiles, which are commonly used to keep separate sets of favorites, plugins, and history. These features are also useful to pentesters, because we can leverage them to maintain completely separate sessions to an application while easily switching between them.
From Mozilla’s documentation:
Container tabs are like normal tabs however the sites you visit will have access to a separate slice of the browser's storage. This means your site preferences, logged in sessions, and advertising tracking data won't carry over to the new container. Likewise, any browsing you do within the new container will not affect your logged in sessions, or tracking data of your other containers.
Opening a container tab is simple: right-click an existing tab and choose “re-open in container”, or right-click the new tab button and select a container profile to open in.
Containers can be modified at about:preferences#containers
While these containers are great, they do not give us the same flexibility to specify different listening proxies to help separate traffic between them in Burp. Not to worry, though: there is a handy plugin that provides this separation and more.
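For the browser-profile approach mentioned earlier, each profile carries its own proxy settings, so every test account can be pinned to its own Burp listener. The script below is an added example, not from the original post: the profile names, the ports 8080 and 8081, and the `BASE_DIR` location are assumptions, and a matching proxy listener has to exist in Burp for each port.

```shell
#!/bin/sh
# Added example: one Firefox profile directory per test account, each pinned
# to its own local proxy listener. Names, ports and BASE_DIR are assumptions.

BASE_DIR="${BASE_DIR:-${TMPDIR:-/tmp}/pentest-profiles}"

# make_profile NAME PORT
# Creates $BASE_DIR/NAME and writes a user.js that sends the profile's
# HTTP and HTTPS traffic to 127.0.0.1:PORT. Prints the profile path.
make_profile() {
    name=$1
    port=$2
    case $port in
        ''|*[!0-9]*) echo "invalid port: $port" >&2; return 1 ;;
    esac
    dir="$BASE_DIR/$name"
    mkdir -p "$dir" || return 1
    cat > "$dir/user.js" <<EOF
// Generated for profile "$name"; Firefox applies user.js at every startup.
user_pref("network.proxy.type", 1);            // 1 = manual proxy configuration
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", $port);
user_pref("network.proxy.ssl", "127.0.0.1");
user_pref("network.proxy.ssl_port", $port);
user_pref("network.proxy.no_proxies_on", "");  // empty bypass list
EOF
    printf '%s\n' "$dir"
}

# launch_cmd NAME
# Prints the command that opens the profile as its own browser instance,
# so its cookies and storage stay separate from every other profile.
launch_cmd() {
    printf 'firefox --no-remote --profile %s\n' "$BASE_DIR/$1"
}

# Constructed sample: two application roles, two proxy listeners.
make_profile admin 8080 >/dev/null
make_profile lowpriv 8081 >/dev/null
launch_cmd admin
launch_cmd lowpriv
```

Each printed command starts a separate Firefox instance; filtering Burp's proxy history by listener port then shows which role produced a given request.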