Burp community forum

Configure Burp to pass dynamic authentication token from the past response to the next request

capacitor | Last updated: Jul 11, 2019 09:27PM UTC

I would like to reuse an authentication token (which is dynamic) between a response and a request in the intruder module. (By dynamic I mean that the token is invalidated after being sent to the server and that we get a new token in the response.) Here is how the authentication mechanism works: https://i.stack.imgur.com/sdmsg.png Please note that in the request the token is in the body and that in the response it's a custom header (Token: x)

Burp User | Last updated: Jul 13, 2019 05:47AM UTC

You can write a plugin to do this automatically for you (but i dont think that burp has intruder api support as of now?). You can use any programming language where you can start your own proxy server and do the necessary programming logic (Store the last received token in a variable and replace it on the next subsequent request where you want to update it). Add this proxy server in your burp suite

Liam, PortSwigger Agent | Last updated: Jul 16, 2019 09:17AM UTC

You could try using the Turbo Intruder extension: - https://portswigger.net/bappstore/9abaa233088242e8be252cd4ff534988

You need to Log in to post a reply. Or register here, for free.