ozzi- / JWT4B

JWT Support for Burp
GNU General Public License v3.0

Repeater/Intercept extension interface no longer available #75

Closed lanmaster53 closed 2 years ago

lanmaster53 commented 2 years ago

After the latest update, the JWT4B attack interface is no longer available in Repeater or Intercept.

virusvfv commented 2 years ago

Hi. Please tell me more about this failure: your Burp version, how you installed this extension, and what error message it gives when loading (in the Out / Error tabs in Burp Extender)? In my Burp (2022.5.1), the release version of the jar works well.

lanmaster53 commented 2 years ago

I am using the package installer version of Burp Suite Pro 2022.5.1 (Stable) and Burp Suite Pro 2022.6 (Early Adopter) on a fully updated macOS Catalina 10.15.7. The extension is installed via the BApp store with no errors during loading.

I believe the issue to be the extension's recognition of the JWT. As you can see below, the JWT is sent in the Authorization header without the Bearer keyword. Perhaps the extension doesn't see this because of the way you recognize and parse JWTs. These requests aren't highlighted in the proxy history either. I can confirm that the extension does work properly when the Bearer keyword is present.

lanmaster53 commented 2 years ago

Looking in the JWT4B configuration, it appears that the detection triggers are configurable. I modified them and now it does indeed detect the token. I will close this issue. Thanks!
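
The case discussed in this thread, a JWT sent in the Authorization header with no Bearer keyword, can be recognised from the token's structure instead of a preceding keyword. The following is an added example, not part of the thread and not JWT4B's code; the function names and the sample token are constructed for illustration.

```python
import base64
import json
import re

# Three base64url segments separated by dots; the signature may be empty.
JWT_CANDIDATE = re.compile(r"[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]*")


def _b64url_json(segment):
    """Decode a base64url segment (padding restored) and parse it as JSON."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def find_jwt(header_value):
    """Return the first JWT found in a header value, or None.

    Works whether or not a scheme keyword such as "Bearer" precedes the token.
    """
    for match in JWT_CANDIDATE.finditer(header_value):
        token = match.group(0)
        head, payload, _sig = token.split(".")
        try:
            header = _b64url_json(head)
            claims = _b64url_json(payload)
        except ValueError:
            continue  # dotted string that is not base64url-encoded JSON
        # A JOSE header is a JSON object carrying "alg"; claims are a JSON object.
        if isinstance(header, dict) and "alg" in header and isinstance(claims, dict):
            return token
    return None


def _enc(obj):
    """Helper for the constructed sample: JSON -> unpadded base64url."""
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


# Constructed sample token; the signature segment is a placeholder, not a valid MAC.
SAMPLE_JWT = ".".join([_enc({"alg": "HS256", "typ": "JWT"}), _enc({"sub": "demo"}), "c2ln"])

if __name__ == "__main__":
    for value in (f"Bearer {SAMPLE_JWT}", SAMPLE_JWT, "Basic dXNlcjpwYXNz", "v1.2.3"):
        print(repr(value[:24]), "->", find_jwt(value) is not None)
```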