Week 41 - BURP ATOR
Last updated
Are you tired of JSON Web Tokens (JWTs) quickly expiring while running an #AppSec engagement? I know firsthand the frustration you can feel when tokens seem to expire before you can even send them to the Repeater tab! Luckily there is an amazing #BurpSuite extension called Authentication Token Obtain and Replace (ATOR). To use it, all you need to do is:

1. Specify the Error Condition: when does ATOR need to take action, i.e. upon being told the JWT expired. See the photo for an example of how I told ATOR to act upon receiving 401 Unauthorized.

2. Obtain New Token: tell ATOR to re-run the login request that responds with a valid JWT. Select that JWT from the response so ATOR knows how to identify it.

3. Replace the Token: when the error condition from step 1 occurs (401 Unauthorized), where should ATOR place the new token acquired from step 2? Most likely this will be in the request header -> Authorization: Bearer <token-here>

Last, in the settings select which tools you want ATOR to run on; I recommend both Repeater and Intruder. Now your macro should run in the background, allowing you a little less frustration in your life!
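To make the three settings concrete, here is an added example (my own code, not part of the ATOR extension) that implements the same obtain-and-replace loop in plain Python: the error condition is a 401 status, the new token is pulled from the login response with a regex, and it is placed in the Authorization header before the original request is resent. The FakeApi class and its token format are constructed stand-ins for a target application, and the assumption that the login response carries the token in a JSON access_token field is mine; in a real engagement you would point the pattern at whatever field your target returns.

```python
"""Constructed model of the ATOR workflow: detect the expiry error,
re-run the login request, extract the fresh JWT, swap it into the
Authorization header and resend the original request."""
import json
import re
from dataclasses import dataclass, field


@dataclass
class Request:
    method: str
    path: str
    headers: dict = field(default_factory=dict)
    body: str = ""


@dataclass
class Response:
    status: int
    body: str = ""


class FakeApi:
    """Constructed stand-in for the target app: each issued token is good
    for `ttl` calls, after which the API answers 401 until a new login."""

    def __init__(self, ttl=2):
        self.ttl = ttl
        self.counter = 0
        self.valid = {}      # token -> remaining uses
        self.logins = 0      # how many times /login was hit

    def handle(self, req):
        if req.path == "/login":
            self.logins += 1
            self.counter += 1
            token = f"eyJ.constructed.{self.counter}"   # placeholder, not a real JWT
            self.valid[token] = self.ttl
            return Response(200, json.dumps({"access_token": token}))
        auth = req.headers.get("Authorization", "")
        token = auth[len("Bearer "):] if auth.startswith("Bearer ") else ""
        if self.valid.get(token, 0) <= 0:
            return Response(401, '{"error":"token expired"}')
        self.valid[token] -= 1
        return Response(200, '{"ok":true}')


class TokenRefresher:
    """The three ATOR settings as code: error condition (status code),
    token source (login request + regex), token placement (header)."""

    def __init__(self, send, login_request, token_pattern, error_status=401):
        self.send = send                  # transport: Request -> Response
        self.login_request = login_request
        self.token_pattern = re.compile(token_pattern)
        self.error_status = error_status
        self.token = None
        self.refreshes = 0

    def obtain_token(self):
        """Step 2: replay the login request and pick the token out of it."""
        resp = self.send(self.login_request)
        m = self.token_pattern.search(resp.body)
        if resp.status != 200 or not m:
            raise RuntimeError(f"login failed: {resp.status} {resp.body}")
        self.token = m.group(1)
        self.refreshes += 1
        return self.token

    def place_token(self, req):
        """Step 3: overwrite the Authorization header with the current token."""
        req.headers["Authorization"] = f"Bearer {self.token}"
        return req

    def send_with_refresh(self, req):
        """Step 1: on the error condition, refresh once and resend."""
        if self.token is None:
            self.obtain_token()
        resp = self.send(self.place_token(req))
        if resp.status == self.error_status:
            self.obtain_token()
            resp = self.send(self.place_token(req))
        return resp


def demo(requests_to_send=5, ttl=2):
    """Fire several requests through the refresher against the fake API and
    report the statuses seen plus how often a fresh login was needed."""
    api = FakeApi(ttl=ttl)
    login = Request("POST", "/login", body='{"user":"tester","pass":"constructed"}')
    refresher = TokenRefresher(
        send=api.handle,
        login_request=login,
        token_pattern=r'"access_token"\s*:\s*"([^"]+)"',
        error_status=401,
    )
    statuses = [
        refresher.send_with_refresh(Request("GET", "/api/profile")).status
        for _ in range(requests_to_send)
    ]
    return {"statuses": statuses, "logins": api.logins, "refreshes": refresher.refreshes}


if __name__ == "__main__":
    print(demo())
```

With a token that lasts two calls, five requests through the refresher all come back 200 and trigger three logins (the initial one plus two refreshes), which is exactly the background replay ATOR performs for Repeater and Intruder once the error condition fires.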