Skip to content
/ JWS_Tool Public

Burp Extension to modify headers and maintain JWS validity

Notifications You must be signed in to change notification settings

t3hbb/JWS_Tool

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
 
 
 
 

Repository files navigation

JWS_Tool

Burp Extension to modify headers and maintain JWS validity

Full information is available on my shells.sytems post here (https://shells.systems/adventures-in-burp-extender-land/).

Recently I was testing a mobile application and it’s interaction with an API backend. It was the first time that I had come across an application that used two different JWT tokens in the headers to authorise against the API end point.

Burp is great at handling cookies, but is not so great on handling JWTs from what I can tell. There are some existing Burp extensions but nothing I could find that would do what I wanted to be able to maintain valid sessions over a longer period of time than the JWT was valid for.

Once you start working with JWTs of a very short life span, it is difficult to run a long series of automated tests in Burp without running into the problem of the JWT expiring and rendering the rest of the tests useless.

This extension allows you to identify when a session has become invalid and request a new token and use that for the remaining tests.

This is not restricted to JWT or JWS and the code can serve as a basis for any header manipulation/addition/removal, body manipulation including fetching information from different websites to provide data for whichever bits you are manipulating.

To use with Burp, just save the python file somewhere and add via the Extender tab.

About

Burp Extension to modify headers and maintain JWS validity

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages