Name is required.
Email address is required.
Invalid email address
Answer is required.
Exceeding max length of 5KB

Burp Enterprise Edition scan with custom header and plugin support

Allen May 15, 2019 07:27PM UTC

Two questions

1. Can you specify a custom header on a Burp Enterprise scan? I need to supply a JWT in an authorization header before the app will even really respond and there is no direct login mechanism as it is a microservice.

2. Does Burp Enterprise have a way to use Burp professional plugins?


Rose Krawczuk May 16, 2019 08:10AM UTC Support Center agent

Currently this is not possible in Burp Enterprise. There is a ticket in our backlog to allow Burp Pro extensions to be used in Burp Enterprise. We’ve registered your interest in this. This should allow you to use the “Add Custom Header” extension.

Unfortunately we can’t tell you when this functionality will be available. We’ll update you when it has been released.


Kevin May 16, 2019 04:16PM UTC
Add me to the list, too.

It looks like Enterprise Edition has a way to upload custom configuration files. Can we upload a JSON config file which has some "Session Rules" which insert the Authorization HTTP Header for JWT?

Liam Tai-Hogan May 17, 2019 02:50PM UTC Support Center agent

Thanks for the feedback Kevin.

You can upload configuration file to Burp Enterprise. However, the only session handling rule that will currently work with Burp’s crawl and scan is “Set a specific cookie or parameter value”.

- https://support.portswigger.net/customer/portal/articles/2973443-using-burp-suite-enterprise-creating-a-custom-scan-configuration

Please let us know if you need any further assistance.


Kevin May 20, 2019 08:30PM UTC
When will this be supported in EE? For JWT authorization this is a non-starter. Thanks!

Liam Tai-Hogan May 21, 2019 01:25PM UTC Support Center agent

We do have plans to support this feature. Unfortunately, we can’t provide an ETA.


Post Your public answer

Your name
Your email address
Answer