Burp extension that allows you to fetch/renew OAuth creds & access tokens for your requests automagically!
https://github.com/t3hbb/OAuthRenew
This tool will allow you to generate a signed JWT using OAuth client ID and credentials.
It will get the client assertion and then request a Bearer token.
If it recognizes that your token has expired, it will get a new one and replace it for subsequent requests :)
Modify the extension as necessary:
Enter your client credentials & extra params
Make adjustments to the POST parameters if needed.
If you have any extra params, make sure you include them here.
At the moment, the tool only works in Repeater. You can modify this here:
The extension checks for your specified token expired/error text.
It will detect that the token has expired or is invalidated.
NOTE: Sometimes you need to issue the request twice.
Observe that your subsequent requests should be properly authenticated.
NOTE: The token in your request might still look like the old one. The extension is handling it with the new token. (Trying to figure this out :) )
If something doesn't work, check the output console in the Extender tab. It will retry at least 3 times to refresh the token before giving up.
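The flow described above (signed client assertion, token request, renewal when the expired/error text appears), as an added stand-alone Python 3 example; it is not the extension's own code. HS256 signing with the client secret, the claim set, the function names and the sample values are assumptions, and the cap of 3 refresh attempts reuses the figure mentioned above.

```python
import base64, hashlib, hmac, json, time, uuid
from urllib.parse import urlencode

JWT_BEARER = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"

def b64url(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def client_assertion(client_id, secret, token_url, now=None, ttl=300):
    """Build an HS256-signed client assertion (algorithm is an assumption)."""
    now = int(time.time() if now is None else now)
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"iss": client_id, "sub": client_id, "aud": token_url,
              "jti": str(uuid.uuid4()), "iat": now, "exp": now + ttl}
    parts = [b64url(json.dumps(p, separators=(",", ":")).encode())
             for p in (header, claims)]
    signing_input = ".".join(parts)
    sig = hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256)
    return signing_input + "." + b64url(sig.digest())

def token_request_body(assertion, extra=None):
    """POST body for the token endpoint; `extra` carries any extra params."""
    params = {"grant_type": "client_credentials",
              "client_assertion_type": JWT_BEARER,
              "client_assertion": assertion}
    params.update(extra or {})
    return urlencode(params)

def send_with_renewal(send, fetch_token, token, expired_text, max_refresh=3):
    """Resend with a fresh token while the response contains expired_text."""
    body, attempts = send(token), 0
    while expired_text in body and attempts < max_refresh:
        attempts += 1
        token = fetch_token()          # would POST token_request_body(...)
        body = send(token)
    return body, token, attempts

if __name__ == "__main__":
    # Constructed values: client, secret, URL and tokens are placeholders.
    jwt = client_assertion("demo-client", "demo-secret", "https://idp.example/token")
    print(token_request_body(jwt, {"scope": "api.read"}))
    api = lambda t: "200 OK" if t == "tok-new" else '{"error":"invalid_token"}'
    print(send_with_renewal(api, lambda: "tok-new", "tok-old", "invalid_token"))
```

The `attempts` value returned by `send_with_renewal` shows how many refreshes were needed, which helps when the first resend still comes back with the error text.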