https://github.com/nccgroup/jwt-reauth

https://github.com/nccgroup/jwt-reauth

Last synced: about 2 months ago
JSON representation

• Host: GitHub
• URL: https://github.com/nccgroup/jwt-reauth
• Owner: nccgroup
• License: apache-2.0
• Created: 2022-07-18T20:32:11.000Z (almost 3 years ago)
• Default Branch: main
• Last Pushed: 2023-01-03T03:59:37.000Z (over 2 years ago)
• Last Synced: 2025-04-04T07:51:10.475Z (3 months ago)
• Language: Java
• Size: 709 KB
• Stars: 103
• Watchers: 10
• Forks: 12
• Open Issues: 1
• Metadata Files:
  • Readme: README.md
  • License: LICENSE.txt

Awesome Lists containing this project

• awesome-burp-extensions - JWT Re-auth - Burp plugin to cache authentication tokens from an "auth" URL, and then add them as headers on all requests going to a certain scope. (OAuth and SSO)

README

        
# JWT Re-auth

Burp plugin to cache authentication tokens from an "auth" URL, and then add them as headers on all requests going to a certain scope.

## Features

The plugin allows settings to be sent to it via context menus from various menus.

This includes using an entire captured request to acquire new authentication tokens.

![Screenshot showing a drop-down context menu inside of burpsuite, with the text "Send to JWT re-auth (set auth token)"](images/send-to-extension.png)

All of the settings for the plugin can be controller from the main UI panel:

![Screenshot showing the main UI, it has several rows of settings, with a name next to a text box describing each setting.

Then there are three, rows showing the state of the listener and most recently parsed tokens, with a button to copy the token.

In the bottom third of the screen there is a log showing events from the plugin, as well as buttons to filter them and a search box.](images/ui.png)

There is a seperate UI panel to show the scope:

![Screenshot showing a mostly empty panel with a drop-down spinner to filter the scope items, a search box,

and below that, one row showing a in-scope URL, and an empty row.](images/scope.png)

Finally we can see the plugin attaching a cached authentication token as a header.

![Screenshot shows firefox open with a webpage listing the headers sent to the site, one can be seen called Authorization, which holds the cached auth token.](images/demo.png)