Token Tailor

Token Tailor automates the renewal of JWT and Basic authentication tokens. By eliminating the need for manual token extraction and updates, it reduces scanning errors and improves your testing workflow. Token Tailor enables session management for all traffic passing through Burp Suite, ensuring seamless authentication renewal and minimizing downtime during scans.

Features

• Tool-specific scope: Choose from specific tools or all traffic through Burp Suite to monitor for expired tokens.
• Easy configuration: Define a flow to retrieve a Bearer or Basic token by copying the request into the first tab. Subsequent tabs can be added to define the flow, with headers enclosed in § symbols for automatic inclusion or updates in requests.
• Expiry Conditions: Set conditions based on response status code, body, or custom text enclosed in § delimiters to trigger session renewal.
• Import / Export: Easily export and import configurations for reuse in new Burp sessions, ensuring token configurations are saved for future use.

Usage

1. In the "Request" tab, add a request that includes a JWT or Basic session token and send it to execute.
2. Define the expired condition in the "Exp" tab by specifying the response the server returns when the session expires. This typically includes status codes and response body comparisons.
3. Activate the Token Tailor extension by toggling the button at the bottom-left.

Note: For external tools like SQLMap, configure them to use the Burp Suite proxy, allowing Token Tailor to renew tokens and handle requests seamlessly.