kali-linux jwt burp-suite ctf: Updated Mon, 16 May 2022 18:33:57 GMT

Extract data from burp response and use in another request

I have a scenario where I need to call /api/login to get a token and then use said token in subsequent calls until it expires.

Is there a way to automate the call and token extraction and then to auto add it to the next requests?

I have tried making a macro and I can define a regex to get the token - but I can't seem to make it auto add to my next requests in the repeater.

I made a session rule to call the macro on each request, and it does get called but the token isn't being added

Solution

Burp does not have a native functionality for that. You'll need to either write an Extension or use an existing one. I'd recommend Token Extractor.

Otherwise, you could also use Python for that. Proxy through localhost if you want to see the traffic in Burp. Do a regex parse (or json, if your data allows) and get the required token to use in the next request.

External Links

External links referenced by this document:

https://portswigger.net/bappstore/f24211fa6fcd4bbea6b21f99c5cad27a

References

https://security.stackexchange.com/questions/215901