The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

Help with Custom Extension / Macro Involving Auth Tokens in URL

Jared | Last updated: Aug 18, 2023 08:32PM UTC

I am trying to perform some automated scans of a web application that utilizes a JWT in the URL, which has an expiration date of 10 minutes. The JWT always appears at the end: /api/v2/fakeendpoint/<JWT>

I have seen similar articles where people have done this when the JWT is passed via headers and have attempted to base my solution off of some of those examples. I am utilizing a Session Handling rule to validate the session based on the current request. If the response body contains 401 Unauthorized, then a macro is invoked to issue a request to the auth endpoint. After the macro, my extension gets called. In my extension, I am able to parse out the JWT from the macro response and build a new URL, but then I am stuck.

In the examples I have seen where others have done something similar when the JWT is passed via a header, they call:

    # Build request with bypass headers
    message = self.helpers.buildHttpMessage(headers, req_body)
    # Update Request with New Header
    currentRequest.setRequest(message)

where headers and req_body are updated as needed. In my case, I cannot do something like currentRequest.setUrl(). I have tried to build a completely new request but have also failed at doing that.
Here is my current performAction() function:

    import json
    import re
    from java.net import URL

    def performAction(self, currentRequest, macroItems):
        # Headers and body of the request the session handling rule is acting on
        request_info = self.helpers.analyzeRequest(currentRequest)
        headers = request_info.getHeaders()
        req_body = currentRequest.getRequest()[request_info.getBodyOffset():]

        # Extract the Bearer token from the macro response
        macro_response_info = self.helpers.analyzeResponse(macroItems[0].getResponse())
        macro_msg = macroItems[0].getResponse()
        resp_body = macro_msg[macro_response_info.getBodyOffset():]
        macro_body_string = self.helpers.bytesToString(resp_body)
        bearer_token = json.loads(macro_body_string)
        bearer = "/" + bearer_token["accessToken"]

        # Replace the JWT at the end of the original URL
        req_url = request_info.getUrl()
        self.stdout.println("Original: ")
        self.stdout.println(req_url)
        jwt_pattern = r"/eyJ[A-Za-z0-9-_]+\.[A-Za-z0-9-_]+\.[A-Za-z0-9-_.+/=]*"
        url_with_replaced_jwt = re.sub(jwt_pattern, bearer, str(req_url))
        self.stdout.println("Updated: ")
        self.stdout.println(url_with_replaced_jwt)
        java_url = URL(url_with_replaced_jwt)
        # java_url is built but is never applied to currentRequest
        return
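One way to apply the new URL, as an added example that is not Jared's code or PortSwigger's: the legacy Burp extender API has no setUrl(), but the request line ("GET /path HTTP/1.1") is entry 0 of the list returned by analyzeRequest().getHeaders(), so rewriting that entry and passing the list back through buildHttpMessage()/setRequest() (the same two calls used for header-based tokens) changes the URL. The helpers, current_request and macro_items objects are the ones Burp hands to performAction() in a Jython extension; perform_action is assumed to be called from that method, and the regex is constructed here to stop at the end of the JWT instead of swallowing any following path.

```python
import json
import re

# Constructed pattern: three base64url segments starting with "eyJ".
# Unlike a class containing "/", this cannot run past the token into later path parts.
JWT_PATH_RE = re.compile(r"/eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]*")


def token_from_macro_body(body_string):
    """Pull accessToken out of the macro's JSON response body."""
    return json.loads(body_string)["accessToken"]


def rewrite_request_line(headers, new_token):
    """Return a copy of the header list whose request line carries new_token.

    headers[0] is the request line, e.g. 'GET /api/v2/fakeendpoint/<old JWT> HTTP/1.1'.
    Burp rebuilds the request from this list in buildHttpMessage(), so editing
    it is how the URL gets changed when there is no setUrl() to call.
    """
    method, path, version = headers[0].split(" ", 2)
    new_path, count = JWT_PATH_RE.subn(lambda m: "/" + new_token, path)
    if count != 1:
        # Refuse to guess if the path holds zero or several token-shaped segments
        raise ValueError("expected exactly one JWT in path, found %d" % count)
    return [" ".join((method, new_path, version))] + list(headers[1:])


def perform_action(helpers, current_request, macro_items):
    """Body for ISessionHandlingAction.performAction(): swap in the macro's fresh JWT."""
    request_info = helpers.analyzeRequest(current_request)
    headers = list(request_info.getHeaders())  # Java List -> Python list
    req_body = current_request.getRequest()[request_info.getBodyOffset():]

    # Token from the auth endpoint response captured by the macro
    macro_resp = macro_items[0].getResponse()
    macro_info = helpers.analyzeResponse(macro_resp)
    body_string = helpers.bytesToString(macro_resp[macro_info.getBodyOffset():])

    new_headers = rewrite_request_line(headers, token_from_macro_body(body_string))
    message = helpers.buildHttpMessage(new_headers, req_body)
    current_request.setRequest(message)
```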

Hannah, PortSwigger Agent | Last updated: Aug 21, 2023 01:28PM UTC