Add or update custom HTTP headers from session handling rules. This is especially useful for JSON Web Tokens (JWT).
Basic usage, with a hard-coded value:
- Select the Add Custom Header tab and enter the header name and hard-coded value.
- Select Project Options -> Sessions
- Add a Session Handling rule
- Name it and select Add, Invoke a Burp extension
- Make sure the scope is correct. If you're just trying this out, you can use Include all URLs, but set a proper scope for regular use.
- Select the Add Custom Header option from the list in the following screen
You can also use a dynamic value. In this case:
- Record a macro that fetches the dynamic value
- In the session handling rule, create an action to Run a macro and select the macro
- Enable After running the macro, invoke a Burp extension action handler and select Add Bearer Token
- In Add Custom Header enter a regular expression that extracts the value from the macro response
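
Before pasting a regular expression into the extension, it helps to check it offline against a saved macro response. The following is an added example, not the extension's own code. It assumes a JSON login response with an `access_token` field, that the value is taken from the first capture group, and that the header is `Authorization` with a `Bearer ` prefix. The response and token are constructed sample data.

```python
import re

# Constructed macro response: a login endpoint returning a JWT in JSON.
MACRO_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: application/json\r\n"
    "\r\n"
    '{"token_type": "Bearer", "access_token": '
    '"eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJkZW1vIn0.c2lnbmF0dXJl", "expires_in": 300}'
)

# Candidate regex (assumed field name). Group 1 is the token. The character
# class only allows base64url characters and dots, so the match cannot run
# past the closing quote into the rest of the JSON body.
TOKEN_REGEX = r'"access_token"\s*:\s*"([A-Za-z0-9_\-.]+)"'


def extract_value(response, pattern=TOKEN_REGEX):
    """Return capture group 1 from the response, or None if nothing matches."""
    m = re.search(pattern, response)
    return m.group(1) if m else None


def set_header(request, name, value):
    """Replace the named header if present, otherwise append it."""
    head, sep, body = request.partition("\r\n\r\n")
    lines = head.split("\r\n")
    new_line = f"{name}: {value}"
    for i, line in enumerate(lines[1:], start=1):  # skip the request line
        if line.lower().startswith(name.lower() + ":"):
            lines[i] = new_line
            break
    else:
        lines.append(new_line)
    return "\r\n".join(lines) + sep + body


def apply_rule(request, macro_response, name="Authorization", prefix="Bearer "):
    """Update the header only if extraction succeeded; otherwise leave the request as is."""
    token = extract_value(macro_response)
    return request if token is None else set_header(request, name, prefix + token)


if __name__ == "__main__":
    stale = "GET /api/me HTTP/1.1\r\nHost: example.test\r\nAuthorization: Bearer stale\r\n\r\n"
    print(apply_rule(stale, MACRO_RESPONSE))
```

If `extract_value` returns `None` for a real macro response, the macro probably did not authenticate or the response format differs from what the regular expression expects.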