I have a scenario where I need to call /api/login to get a token and then use said token in subsequent calls until it expires.
Is there a way to automate the call and token extraction and then to auto add it to the next requests?
I have tried making a macro and I can define a regex to get the token - but I can't seem to make it auto add to my next requests in the repeater.
I made a session rule to call the macro on each request, and it does get called but the token isn't being added
Burp does not have a native functionality for that. You'll need to either write an Extension or use an existing one. I'd recommend Token Extractor.
Otherwise, you could also use Python for that. Proxy through localhost if you want to see the traffic in Burp. Do a regex parse (or json, if your data allows) and get the required token to use in the next request.
External links referenced by this document: