Name is required.
Email address is required.
Invalid email address
Answer is required.
Exceeding max length of 5KB

Configure Burp to pass dynamic authentication token from the past response to the next request

capacitor Jul 11, 2019 09:27PM UTC


I would like to reuse an authentication token (which is dynamic) between a response and a request in the intruder module.

(By dynamic I mean that the token is invalidated after being sent to the server and that we get a new token in the response.)

Here is how the authentication mechanism works:

https://i.stack.imgur.com/sdmsg.png

Please note that in the request the token is in the body and that in the response it's a custom header (Token: x)


Kanishk Gandharv Jul 13, 2019 05:47AM UTC
You can write a plugin to do this automatically for you (but i dont think that burp has intruder api support as of now?).

You can use any programming language where you can start your own proxy server and do the necessary programming logic (Store the last received token in a variable and replace it on the next subsequent request where you want to update it). Add this proxy server in your burp suite

Liam Tai-Hogan Jul 16, 2019 09:19AM UTC Support Center agent

You could try using the Turbo Intruder extension:

- https://portswigger.net/bappstore/9abaa233088242e8be252cd4ff534988


Post Your public answer

Your name
Your email address
Answer