Burp Suite User Forum

JWT Support for Session Handling

Jordan | Last updated: Mar 18, 2020 01:51PM UTC

Creating session handling rules for applications that utilize JWTs for authentication poses an interesting problem since, as far as I can tell, using a Macro and Session Handling rules only allows the ability to update cookies. The ability to add the received Cookies as Headers instead would alleviate the issue and allow us to automatically update JWT values. I have also seen where XSRF tokens are assigned like cookies, but placed in the Request as a Header.

Liam, PortSwigger Agent | Last updated: Mar 18, 2020 02:20PM UTC

Jordan, have you tried using the Add Custom Header extension from the BApp Store? https://portswigger.net/bappstore/807907f5380c4cb38748ef4fc1d8cdbc

Let us know if this helps.
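The behaviour requested above can also be built as a custom session handling action. This is an added example, not part of the original thread and not the code of PortSwigger or of the Add Custom Header extension: a Jython extension for Burp's legacy Extender API that reads a JWT from the last macro response and writes it into the current request's Authorization header. The JSON field name `access_token` and the `Bearer` scheme are assumptions about the target application.

```python
import json
import re

try:
    from burp import IBurpExtender, ISessionHandlingAction  # available inside Burp (Jython)
except ImportError:  # outside Burp: stand-ins so the helper functions can be unit-tested
    class IBurpExtender(object): pass
    class ISessionHandlingAction(object): pass

TOKEN_FIELD = "access_token"   # assumption: JSON field holding the JWT in the macro response
HEADER_NAME = "Authorization"  # assumption: header the application reads the JWT from
JWT_RE = re.compile(r"^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\Z")

def extract_token(body):
    """Return the JWT from a JSON body, or None if it is missing or not JWT-shaped."""
    try:
        value = json.loads(body).get(TOKEN_FIELD)
        return value if value and JWT_RE.match(value) else None
    except (ValueError, AttributeError, TypeError):
        return None

def replace_header(headers, token):
    """Drop any existing HEADER_NAME line (case-insensitive) and append the fresh one."""
    prefix = HEADER_NAME.lower() + ":"
    kept = [h for h in headers if not h.lower().startswith(prefix)]
    return kept + [HEADER_NAME + ": Bearer " + token]

class BurpExtender(IBurpExtender, ISessionHandlingAction):
    def registerExtenderCallbacks(self, callbacks):
        self._helpers = callbacks.getHelpers()
        callbacks.setExtensionName("JWT header from macro (example)")
        callbacks.registerSessionHandlingAction(self)

    def getActionName(self):
        return "Set Authorization header from macro JWT"

    def performAction(self, currentRequest, macroItems):
        if not macroItems or macroItems[-1].getResponse() is None:
            return
        raw = macroItems[-1].getResponse()
        offset = self._helpers.analyzeResponse(raw).getBodyOffset()
        token = extract_token(self._helpers.bytesToString(raw[offset:]))
        if token is None:
            return  # leave the request untouched rather than send a malformed header
        req = currentRequest.getRequest()
        info = self._helpers.analyzeRequest(req)
        headers = replace_header(list(info.getHeaders()), token)
        body = req[info.getBodyOffset():]
        currentRequest.setRequest(self._helpers.buildHttpMessage(headers, body))
```

Once loaded, the action is selected in a session handling rule as the extension handler to invoke after the login macro runs. The strict token pattern rejects values containing CR/LF, so a malformed macro response cannot inject extra header lines.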
