While performing scans in Burp Suite, you may have run across instances where the Authorization header in your outbound requests starts throwing 401 errors because the token was invalidated partway through the scan. This is a headache because you have to completely stop the scan and start over with a valid token (which may again expire at any point during the scan).
Today, we introduce a way to solve this by rolling out a new Burp Suite (v1 and Beta v2) extension called AuthHeaderUpdater that will allow you to update the token on the fly. The extension will then inject the new token you have provided into all outbound scanner requests and keep your session valid.
Here's how to get it up and running:
1. Head over to the GitHub repo and clone down the code: GitHub
2. Within Burp, go to the Extender tab -> Add. Select the jar file that's in the Dist folder of the repo you just cloned. Click Next and then Close. Notice the new "Auth Header Updater Tab".
3. Specify the Authorization: Bearer token value you want to use in the "Auth Bearer Token" text box and click "Enabled".
It will then replace
Authorization: Bearer <token>
with
Authorization: Bearer <value from the extension>
while doing a scan.
NOTE: Need to use the original token value again? Uncheck "Enabled" to disable the extension.
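To make the replacement step concrete, here is an added example (not the AuthHeaderUpdater source, which ships as a jar) of how a Burp extension can rewrite the bearer token on scanner requests using the legacy Extender API. It assumes Burp's Python (Jython) extension support; the `replace_bearer` helper, the `TOKEN` placeholder and the extension name are hypothetical, and outside Burp only the helper is defined.

```python
def replace_bearer(headers, new_token):
    """Return (headers, changed). Only an existing 'Authorization: Bearer'
    header is rewritten; requests without one are passed through as-is."""
    if "\r" in new_token or "\n" in new_token:
        # A pasted token with a line break would split the header block.
        raise ValueError("token must not contain CR or LF")
    out, changed = [], False
    for h in headers:
        name, sep, value = h.partition(":")
        is_auth = sep and name.strip().lower() == "authorization"
        if is_auth and value.strip().lower().startswith("bearer "):
            h = "Authorization: Bearer " + new_token
            changed = True
        out.append(h)
    return out, changed


try:
    from burp import IBurpExtender, IHttpListener
except ImportError:  # not running inside Burp
    IBurpExtender = IHttpListener = None

if IBurpExtender is not None:
    class BurpExtender(IBurpExtender, IHttpListener):
        # Hypothetical placeholder; the real extension reads this from its UI tab.
        TOKEN = "PASTE-FRESH-TOKEN-HERE"

        def registerExtenderCallbacks(self, callbacks):
            self._helpers = callbacks.getHelpers()
            self._scanner = callbacks.TOOL_SCANNER
            callbacks.setExtensionName("Bearer rewrite example")
            callbacks.registerHttpListener(self)

        def processHttpMessage(self, toolFlag, messageIsRequest, messageInfo):
            # Touch only outbound requests issued by the scanner.
            if not messageIsRequest or toolFlag != self._scanner:
                return
            info = self._helpers.analyzeRequest(messageInfo)
            headers, changed = replace_bearer(list(info.getHeaders()), self.TOKEN)
            if changed:
                body = messageInfo.getRequest()[info.getBodyOffset():]
                messageInfo.setRequest(
                    self._helpers.buildHttpMessage(headers, body))
```

Because the rewrite is scoped to the scanner tool flag, requests sent from other Burp tools keep whatever token they already carry.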