Manual for using plugin together with macros needed #12

@dVb-william

Description

Hi Lorenzo,

We've tried to use the Add Custom Header plugin to solve an issue on our side where we needed an 'Authorization: Bearer xyz' header that would be automatically updated on every request.

Unfortunately we didn't get it working correctly, probably our fault due to not using it correctly. We've tried to find a manual for that reason, but didn't find one. Would you be so kind as to let us know what we are doing incorrectly, so this could serve as a manual for all the other users that might face the same issue?

Our configuration
In Burp Suite Pro > Project options > Sessions > Macros we've added a macro called 'get bearer', with, under configurable items, one added item called (parameter name) 'accesstoken' where we selected the token we need.

To test this macro actually worked we created a Burp Suite Pro > Project options > Sessions > Session Handling rule that just runs the macro and updates the current request. Scope set to /test/ on the same site for every Repeater request.

Going into Repeater and requesting /test/?accesstoken=test will actually show the word test being replaced with the accesstoken, confirming the macro works.

Adding the plugin
Now, we installed Add Custom Header, set the header name to 'Authorization', the prefix to 'Bearer', and selected a hard-coded value 'test'.

Again, we created a Burp Suite Pro > Project options > Sessions > Session Handling rule which invoked the 'add custom header' macro (probably a typo in the readme that tells us 'add bearer token' should be selected here?) and set the scope similarly to above.

Going into Repeater and requesting /test/?accesstoken=test will actually show the word test being replaced with the accesstoken, confirming the macro works. And we see the header added, so the plug-in should now also be working.

Now the part we can't get working
We've tried to set the Add Custom Header to a regular expression header value, and set it to accesstoken":"(.*?)".
Now, we would have expected, when running the Repeater again, to see the header added with the accesstoken value, but instead we don't see any header being added anymore.
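As an added illustration (not part of this issue and not the extension's own code), the Python below applies the regular expression from the post to constructed sample macro responses and shows that a header can only be composed when the capture group actually matches the response body; the whitespace-tolerant pattern at the end is an assumption for comparison, not a setting taken from the extension.

```python
import re

# The exact pattern from the issue: capture group 1 is the token value.
ISSUE_PATTERN = re.compile(r'accesstoken":"(.*?)"')

# Assumed, more tolerant variant: allows spaces around the colon and stops at
# the closing quote instead of relying on a lazy match.
TOLERANT_PATTERN = re.compile(r'accesstoken"\s*:\s*"([^"]*)"')

# Constructed sample responses a 'get bearer' macro might return (not real data).
COMPACT_JSON = '{"accesstoken":"eyJabc.def.ghi","expires_in":3600}'
SPACED_JSON = '{"accesstoken": "eyJabc.def.ghi", "expires_in": 3600}'
FORM_ENCODED = 'accesstoken=eyJabc.def.ghi&expires_in=3600'


def extract_token(response_body, pattern=ISSUE_PATTERN):
    """Return capture group 1 of the first match, or None when the pattern
    does not match at all (then there is no value to put in the header)."""
    match = pattern.search(response_body)
    return match.group(1) if match else None


def build_header(token, header_name="Authorization", prefix="Bearer"):
    """Compose '<name>: <prefix> <value>'. Returns None when no token was
    extracted, which corresponds to no header being added to the request."""
    if token is None:
        return None
    return f"{header_name}: {prefix} {token}"


def check_bodies(pattern=ISSUE_PATTERN):
    """Run every sample body through the pattern and report the header that
    would result, so a mismatching response shape is visible immediately."""
    bodies = {"compact": COMPACT_JSON, "spaced": SPACED_JSON, "form": FORM_ENCODED}
    return {name: build_header(extract_token(body, pattern)) for name, body in bodies.items()}


if __name__ == "__main__":
    for name, header in check_bodies().items():
        print(f"issue pattern / {name:8}: {header}")
    for name, header in check_bodies(TOLERANT_PATTERN).items():
        print(f"tolerant pattern / {name:8}: {header}")
```

Comparing the output of both loops against the real macro response body is the quickest way to tell whether the regular expression, rather than the session handling rule, is the reason no header appears.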
