Burp Enterprise Edition scan with custom header and plugin support
1. Can you specify a custom header on a Burp Enterprise scan? I need to supply a JWT in an Authorization header before the app will even really respond, and there is no direct login mechanism as it is a microservice.
2. Does Burp Enterprise have a way to use Burp Professional plugins?
Currently this is not possible in Burp Enterprise. There is a ticket in our backlog to allow Burp Pro extensions to be used in Burp Enterprise. We’ve registered your interest in this. This should allow you to use the “Add Custom Header” extension.
Unfortunately we can’t tell you when this functionality will be available. We’ll update you when it has been released.
It looks like Enterprise Edition has a way to upload custom configuration files. Can we upload a JSON config file which has some "Session Rules" which insert the Authorization HTTP Header for JWT?
Thanks for the feedback, Kevin.
You can upload a configuration file to Burp Enterprise. However, the only session handling rule that will currently work with Burp’s crawl and scan is “Set a specific cookie or parameter value”.
Please let us know if you need any further assistance.
We do have plans to support this feature. Unfortunately, we can’t provide an ETA.