This Burp extension dynamically adds or updates the DPoP (Demonstrating Proof of Possession) HTTP header on outgoing HTTP requests that match the configured criteria.
- Dynamically generate DPoP JWT (JSON Web Token) and add it to HTTP headers.
- Supports both RSA public and private keys in JWK (JSON Web Key) format.
- Configurable target URL or URL regex pattern for DPoP header injection.
- Lightweight and easy-to-use interface integrated into Burp Suite.
- Download the `DPoPConfigurator.jar` file from the releases section.
- Open Burp Suite.
- Go to the Extender > Extensions tab.
- Click on the "Add" button.
- Select the `DPoPConfigurator.jar` file and click "Next".
- Once loaded, you should see the "DPoP Configurator" tab in the Burp Suite interface.
- Navigate to the "DPoP Configurator" tab in Burp Suite.
- Enter your RSA public and private keys in JWK format.
- Configure the target URL or URL regex pattern.
- Optionally, specify the HTTP header name for the DPoP token.
- Click "Apply" to save your settings.
- DPoP headers will be automatically added to outgoing requests based on the configured criteria.
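To confirm what the injected header actually contains, the following added example (not part of the extension's code) runs the structural and claim checks from RFC 9449 section 4.3 on a DPoP proof copied from a request in Burp. The function name, messages and the 300-second window are assumptions made for illustration, and signature verification is deliberately left out.

```python
import base64, json, time
from urllib.parse import urlsplit

# JWK members that only a private (or symmetric) key carries.
PRIVATE_JWK_MEMBERS = {"d", "p", "q", "dp", "dq", "qi", "oth", "k"}

def _segment(seg):
    """Decode one base64url JWT segment (padding restored) into JSON."""
    return json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4)))

def _htu(url):
    """htu is compared without query and fragment (RFC 9449, section 4.3)."""
    u = urlsplit(url)
    return f"{u.scheme.lower()}://{u.netloc.lower()}{u.path or '/'}"

def check_dpop_proof(proof, method, url, now=None, max_age=300):
    """Return the problems found in a DPoP proof (empty list: checks passed).
    Structural and claim checks only; the signature is NOT verified."""
    parts = proof.split(".")
    if len(parts) != 3:
        return ["not a three-segment compact JWS"]
    try:
        header, claims = _segment(parts[0]), _segment(parts[1])
    except ValueError:
        return ["header or payload is not base64url-encoded JSON"]
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return ["header or payload is not a JSON object"]
    problems = []
    if header.get("typ") != "dpop+jwt":
        problems.append("typ is not dpop+jwt")
    alg = header.get("alg")
    if not isinstance(alg, str) or alg == "none" or alg.startswith("HS"):
        problems.append("alg must be an asymmetric signature algorithm")
    jwk = header.get("jwk")
    if not isinstance(jwk, dict):
        problems.append("jwk header is missing")
    elif PRIVATE_JWK_MEMBERS & jwk.keys():
        problems.append("jwk header contains private key members")
    if claims.get("htm") != method:
        problems.append("htm does not match the request method")
    if _htu(str(claims.get("htu", ""))) != _htu(url):
        problems.append("htu does not match the request URL")
    if not claims.get("jti"):
        problems.append("jti is missing")
    iat = claims.get("iat")
    now = time.time() if now is None else now
    if not isinstance(iat, (int, float)) or abs(now - iat) > max_age:
        problems.append("iat is missing or outside the accepted window")
    return problems
```

Pass the header value together with the method and full URL of the request it was attached to; a "private key members" finding means the private JWK, rather than the public one, ended up in the proof header.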
Contributions are welcome! If you encounter any issues or have suggestions for improvements, please open an issue or submit a pull request.
