Token Tailor

Token Tailor automates the renewal of JWT and Basic authentication tokens. By eliminating the need for manual token extraction and updates, it reduces scanning errors and improves your testing workflow. Token Tailor enables session management for all traffic passing through Burp Suite, ensuring seamless authentication renewal and minimizing downtime during scans.

Features

  • Tool-specific scope: Choose from specific tools or all traffic through Burp Suite to monitor for expired tokens.
  • Easy configuration: Define a flow to retrieve a Bearer or Basic token by copying the request into the first tab. Subsequent tabs can be added to define the flow, with headers enclosed in § symbols for automatic inclusion or updates in requests.
  • Expiry Conditions: Set conditions based on response status code, body, or custom text enclosed in § delimiters to trigger session renewal.
  • Import / Export: Easily export and import configurations for reuse in new Burp sessions, ensuring token configurations are saved for future use.

Usage

  1. In the "Request" tab, add a request that includes a JWT or Basic session token, then send it.
  2. Define the expired condition in the "Exp" tab by specifying the response the server returns when the session expires. This typically includes status codes and response body comparisons.
  3. Activate the Token Tailor extension by toggling the button at the bottom-left.

Note: For external tools like SQLMap, configure them to use the Burp Suite proxy, allowing Token Tailor to renew tokens and handle requests seamlessly.

Author

forteBruno

Version

1.0.1

Last updated

05 June 2025

Estimated system impact

Overall impact: Empty

Memory: Empty
CPU: Empty
General: Empty
Scanner: Empty

You can install BApps directly within Burp, via the BApp Store feature in the Burp Extender tool. You can also download them from here, for offline installation into Burp.

You can view the source code for all BApp Store extensions on our GitHub page.

Please note that extensions are written by third party users of Burp, and PortSwigger Web Security makes no warranty about their quality or usefulness for any particular purpose.
