• Burp Suite version with Montoya API support
• Java 21+ for local builds
• Match the release artifact to your runtime (for example, jdk21 jar for Java 21 runtime)

1. Download the latest OCISigner release from:
   • https://github.com/NetSPI/OCISigner/releases
2. Pick the jar compiled for your Burp Java runtime:
   • *-jdk[VERSION].jar for Burp running on Java VERSION
3. In Burp, go to Extensions -> Installed -> Add.

Figure 1. Burp Extensions tab with Add action.

Figure 2. File picker selecting release JAR.

Figure 3. Extension load dialog before confirming.

Figure 4. OCISigner loaded in Burp Extensions list.

1. Build:

mvn clean package

2. In Burp: Extensions -> Installed -> Add.
3. Set Extension type to Java.
4. Select target/OCISigner-*-all.jar.

1. Confirm a new OCISigner tab appears.
2. Create a test profile and click Save.
3. Click Test Credentials for that profile.
4. Set Always Sign With and send a Repeater request.
5. Confirm request contains an Authorization signature header.

1. Start with Config Profile (Auto) if you already use OCI CLI profiles.
2. Set a valid Region in the profile if your auth mode requires endpoint checks.
3. Leave Update timestamp enabled.
4. Keep Only sign in-scope requests enabled to avoid accidental cross-host signing.

• Verify Java runtime compatibility with the selected jar.
• Use a jdk[VERSION] release build if Burp runs Java [VERSION].

• Validate required profile fields for the selected auth type.
• For Config Profile, verify both config path and profile name.

Check all of the following:

• Signing Enabled is on
• Always Sign With is set
• Only sign in-scope requests does not filter target
• Only sign if Authorization exists is set as intended

• Auto import checks only ~/.oci/config.
• Use File import if your config is elsewhere.