Update Authorization Headers in Burp Suite using AuthHeaderUpdater

While performing scans in Burp Suite, you may have run across instances where outbound requests start returning 401 errors because the token in the Authorization header was invalidated partway through the scan. This is a headache because you have to completely stop the scan and start over with a valid token (which may again expire at any point during the scan).

Today, we introduce a way to solve this by rolling out a new Burp Suite (v1 and Beta v2) extension called AuthHeaderUpdater that allows you to update the token on the fly. The extension then injects the new token you have provided into all outbound scanner requests and keeps your session valid.

Auth Header Updater

Here's how to get it up and running:

  1. Head over to the GitHub repo and clone down the code: GitHub

  2. Within Burp, go to the Extender tab -> Add. Select the jar file that's in the Dist folder of the repo you just cloned. Click Next and then Close. Notice the new "Auth Header Updater Tab".

  3. Specify the Authorization: Bearer token value you want to use in the "Auth Bearer Token" text box and click "Enabled".

It will then replace

Authorization: Bearer <token>

with

Authorization: Bearer <value from the extension>

while doing a scan.

NOTE: Need to use the original token value again? Uncheck "Enabled" to disable the extension.
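
The replacement described above, sketched as an added Python example; it is not the extension's own code (the extension ships as a jar), and the function name, sample request and host are constructed for illustration. It also rejects a pasted token value that contains line breaks or other characters outside the Bearer token grammar, so a bad paste cannot add extra headers to scanner traffic.

```python
import re

# One "Authorization: Bearer <token>" header line; the header name is case-insensitive.
_BEARER_LINE = re.compile(rb"(authorization:[ \t]*bearer)[ \t]+\S.*", re.IGNORECASE)
# token68 / b64token grammar used for Bearer credentials (RFC 7235, RFC 6750).
_TOKEN68 = re.compile(r"[A-Za-z0-9\-._~+/]+=*")

# Constructed sample request (not captured traffic). The body deliberately
# contains header-looking text that must be left alone.
SAMPLE = (
    b"POST /api/items HTTP/1.1\r\n"
    b"Host: app.example.test\r\n"
    b"authorization: Bearer old.expired.token\r\n"
    b"Content-Type: text/plain\r\n"
    b"Content-Length: 33\r\n"
    b"\r\n"
    b"Authorization: Bearer in-the-body"
)


def update_bearer(raw_request: bytes, new_token: str, enabled: bool = True) -> bytes:
    """Return raw_request with the Bearer token in its headers replaced."""
    if not enabled:
        return raw_request  # "Enabled" unchecked: keep the original token
    if not _TOKEN68.fullmatch(new_token):
        # Blocks CR/LF, spaces and empty values before they reach the wire.
        raise ValueError("token is not a valid Bearer credential")

    # Only the header section is rewritten; the body (and so Content-Length)
    # is passed through byte for byte.
    head, sep, body = raw_request.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    out = [lines[0]]  # request line is never a header
    for line in lines[1:]:
        m = _BEARER_LINE.fullmatch(line)
        if m:
            line = m.group(1) + b" " + new_token.encode("ascii")
        out.append(line)
    return b"\r\n".join(out) + sep + body


if __name__ == "__main__":
    print(update_bearer(SAMPLE, "new.valid.token").decode())
```

Requests that carry a different scheme, such as Basic, or no Authorization header at all pass through unchanged.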

Authors

Carl Sampson

Indianapolis, IN https://www.chs.us