Session Tracking for non-Cookie based apps

Gerrit | Last updated: Jun 08, 2020 06:56PM UTC

The Macro editor and session tracking features only seem to allow for updating of Cookie values through a macro when a session becomes invalid. I have an app that utilizes an Authorization header with a JWT as its value to verify authorized requests. It would be great if we could use the Macro Editor to perform a new login (the JWT is passed in the Response body), which should then be copied into the Authorization header for new requests moving forward. From what I can tell, this is currently not possible. (Using version 2020.5)

Ben, PortSwigger Agent | Last updated: Jun 09, 2020 06:03PM UTC

Hi, have you looked into using the Add Custom Header extension that we have hosted in our BApp Store (you can access this via the Extender -> BApp Store tab in Burp)? There are some additional details of how this works at its original GitHub repository here: https://github.com/portswigger/add-custom-header.

Gerrit | Last updated: Jun 10, 2020 07:18PM UTC

Ahh, I didn't realize that integrated with the session handling stuff. Looks like it will do the trick. Thanks.

