Burp Suite User Forum

Create new post

JWT Support

Rohil | Last updated: Sep 29, 2017 01:40PM UTC

Does burp support session management JWT tokens using Authorization Bearer header? If yes, could anyone provide an explanation?

PortSwigger Agent | Last updated: Sep 29, 2017 02:03PM UTC

Hi Rohil, Unfortunately, session handling rules do not natively support JWT. There are some extensions that might help you, such as Custom Parameter Handler and Match/Replace Session Action. If you have some scripting knowledge, you could code your own too.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.