Burp Sequencer is a sophisticated tool for analyzing the quality of randomness in data items or tokens, with a particular focus on session tokens, CSRF tokens, cookies, and other sensitive information.
Sequencer runs multiple randomness tests against a sample of tokens, then compiles the results to give you an indication of the quality of randomness in the sample. The tool is available in both the Community and Professional editions.
To use Burp Sequencer to analyze the quality of randomness in an application's session tokens:
Open Burp's browser and access a deliberately vulnerable test website.
Go to Proxy > HTTP history and find an entry with a response that issues a session token, for example in a Set-Cookie header.
Right-click the entry and click Send to Sequencer.
Go to the Sequencer tab.
Click Start live capture.
When Burp has captured a few hundred tokens, click the Pause or Stop button.
To run randomness tests on the tokens, click Analyze now.
The analysis results are displayed in the Live capture window. They show a summary of the quality of randomness in the sample.
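A simplified version of one kind of randomness test, as an added example that is not Burp's own code or analysis: it checks whether each bit position in a sample of hex-encoded tokens holds 0 and 1 about equally often. The two token formats, the function names and the 0.1% threshold are assumptions made for the illustration.

```python
import math
import secrets

def token_bits(token_hex):
    """Expand a hex-encoded token into a list of bits, most significant first."""
    raw = bytes.fromhex(token_hex)
    return [(byte >> shift) & 1 for byte in raw for shift in range(7, -1, -1)]

def balanced_bits(tokens, z_limit=3.29):
    """Return (passing, width): bit positions whose 0/1 balance looks random.

    In n random tokens each position should hold about n/2 ones, with a
    standard deviation of sqrt(n)/2. z_limit=3.29 is a two-sided 0.1% level.
    """
    rows = [token_bits(t) for t in tokens]
    n, width = len(rows), len(rows[0])
    passing = 0
    for pos in range(width):
        ones = sum(row[pos] for row in rows)
        z = abs(ones - n / 2) / (math.sqrt(n) / 2)
        if z <= z_limit:
            passing += 1
    return passing, width

def weak_sample(n=500):
    """Constructed weak tokens: fixed 4-byte prefix followed by a 4-byte counter."""
    return [f"a1b2c3d4{i:08x}" for i in range(n)]

def strong_sample(n=500):
    """Constructed strong tokens: 8 bytes from the OS CSPRNG."""
    return [secrets.token_hex(8) for _ in range(n)]

if __name__ == "__main__":
    for name, sample in (("weak", weak_sample()), ("strong", strong_sample())):
        passing, width = balanced_bits(sample)
        print(f"{name}: {passing} of {width} bit positions pass the balance check")
```

The fixed prefix and the unused high counter bits fail the check, so only a handful of the 64 bits count as varying. The low counter bits pass even though they are fully predictable, which is why a single balance test is not enough and a tool that runs multiple tests is needed.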