Add Custom Header
Add or update custom HTTP headers from session handling rules. This is especially useful for JSON Web Tokens (JWT).
Basic usage, with a hard-coded value:
- Select the Add Custom Header tab and enter the header name and hard-coded value.
- Select Project Options -> Sessions
- Add a Session Handling rule
- Name it and select Add, Invoke a Burp Extension extension
- Make sure the scope is correct. If you're just trying this out, you can use Include all URLs, but set a proper scope for regular use.
- Select the Add Custom Header option from the list in the following screen
You can also use a dynamic value. In this case:
- Record a macro that fetches the dynamic value
- In the session handling rule, create an action to Run a macro and select the macro
- Enable After running the macro, invoke a Burp extension action handler and select Add Bearer Token
- In Add Customer Header enter a regular expression that extracts the value from the macro response
|Last updated||08 July 2020|
You can install BApps directly within Burp, via the BApp Store feature in the Burp Extender tool. You can also download them from here, for offline installation into Burp.
|You can view the source code for this BApp by visiting our GitHub page.|
|Follow @BApp_Store on Twitter to receive notifications of all BApp releases and updates.|
Please note that extensions are written by third party users of Burp, and PortSwigger Web Security makes no warranty about their quality or usefulness for any particular purpose.