This Burp extension allows you to dynamically add or update the DPoP (Demonstrating Proof of Possession) HTTP header to outgoing HTTP requests based on configured criteria.

Features

• Dynamically generate DPoP JWT (JSON Web Token) and add it to HTTP headers.
• Supports both RSA public and private keys in JWK (JSON Web Key) format.
• Configurable target URL or URL regex pattern for DPoP header injection.
• Lightweight and easy-to-use interface integrated into Burp Suite.

Usage

• Navigate to the "DPoP Configurator" tab in Burp Suite.
• Enter your RSA public and private keys in JWK format.
• Configure the target URL or URL regex pattern.
• Optionally, specify the HTTP header name for the DPoP token.
• Click "Apply" to save your settings.
• DPoP headers will be automatically added to outgoing requests based on the configured criteria.