Burp Suite extension to grab OAuth2 access tokens and add them to requests as a custom header
Currently supported auth flows:
- Client Credentials
- Password Credentials
- Resource Owner Password Credentials (ROPC)
- Select desired grant type & client authentication method
- (Optional) Set a custom header for access tokens to be added to
- Input token URL
- Input relevant credentials and scope
- Hit 'Test'. You should receive an access token (Otherwise, try debug mode)
- Select desired tool scope
- Hit 'Activate'. The access token will then be added to all in scope traffic
- When the access token expires, a new one will be requested automatically