
Auth_analyzer: Burp Extension for testing authorization issues

itsMe

*KillmeMories*
Staff member
Administrator
Super Moderator
Hacker
Specter
Crawler
Shadow
Joined
Jan 8, 2019
Messages
56,623
Solutions
2
Reputation
32
Reaction score
100,456
Points
2,313
Credits
32,750
‎6 Years of Service‎
 
76%
complete_gui.png


auth_analyzer

Auth Analyzer is a Burp extension that helps you find authorization bugs. Navigate through the web application as a high-privileged user and let Auth Analyzer repeat each of your requests for every non-privileged user (session) you have defined. Because parameters can be defined per session, Auth Analyzer can extract and replace parameter values automatically: CSRF tokens, or even whole session characteristics, are extracted from that session's own responses and substituted into its subsequent requests. Each repeated response is analyzed and tagged with its bypass status.

Why should I use Auth Analyzer?

Other Burp extensions do broadly similar things. The main reason to choose Auth Analyzer is the strength of its parameter feature and automatic value extraction: you do not need to know in advance which values have to be exchanged. Define your parameters and cookies, and Auth Analyzer captures the required values on the fly. It does not send any preflight requests; it simply repeats what your web app does, with your defined user roles/sessions.
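The replay-and-tag loop described above, as an added example in Python (it is not the extension's own code, which is a Java Burp extension). The target application, the session cookies, the CSRF token format and the three recorded requests are all constructed for this illustration; the bypass tagging is modelled loosely on the status-code and content-length comparison the extension performs and is an approximation. The example goes one step beyond the text by running the same replay twice, once with the CSRF parameter auto-extracted and once with it left static, to show why value extraction matters.

```python
import re
from dataclasses import dataclass, field

# ---- constructed target web app (stand-in for the real application) --------
ROLES = {"sid=admin-111": "admin", "sid=user-222": "user"}   # session cookie -> role
CSRF = {"admin": "tok-A", "user": "tok-U"}                     # CSRF token bound to each session


def mock_app(method, path, headers, body):
    """Return (status, body). The delete endpoint deliberately lacks a role
    check so that the replay has an authorization bug to surface."""
    role = ROLES.get(headers.get("Cookie", ""))
    if role is None:
        return 401, "login required"
    if path == "/profile":
        # Every logged-in user gets a page carrying their own CSRF token.
        return 200, f'profile of {role} <input name="csrf" value="{CSRF[role]}">'
    if path == "/admin":
        return (200, "admin panel") if role == "admin" else (403, "forbidden")
    if path.startswith("/admin/users/") and method == "POST":
        if body.get("csrf") != CSRF[role]:
            return 400, "bad csrf"
        return 200, "user deleted"          # missing authorization check
    return 404, "not found"


@dataclass
class Session:
    """One non-privileged user: headers to swap in, plus parameters whose
    values are auto-extracted from this session's own responses."""
    name: str
    headers: dict
    param_patterns: dict = field(default_factory=dict)   # param name -> regex with one capture group
    values: dict = field(default_factory=dict)           # most recent extracted value per param


def extract_params(session, body):
    """Refresh each auto-extracted parameter from a response body."""
    for name, pattern in session.param_patterns.items():
        m = re.search(pattern, body)
        if m:
            session.values[name] = m.group(1)


def classify(original, repeated):
    """Approximation of the bypass tag: same status and same length means the
    low-privileged session received the privileged result."""
    (orig_status, orig_body), (rep_status, rep_body) = original, repeated
    if rep_status != orig_status:
        return "NOT BYPASSED"
    if len(rep_body) == len(orig_body):
        return "BYPASSED"
    return "POTENTIAL BYPASS"


def analyze(recorded, sessions, app=mock_app):
    """Replay each request recorded from the privileged user for every session,
    swapping in the session's headers and its extracted parameter values."""
    results = {s.name: [] for s in sessions}
    for method, path, headers, body in recorded:
        original = app(method, path, headers, body)
        for s in sessions:
            new_headers = {**headers, **s.headers}
            new_body = {k: s.values.get(k, v) for k, v in body.items()}
            repeated = app(method, path, new_headers, new_body)
            extract_params(s, repeated[1])        # tokens for later requests
            results[s.name].append((method, path, repeated[0], classify(original, repeated)))
    return results


# Requests recorded while browsing as the high-privileged admin user (constructed).
RECORDED = [
    ("GET", "/profile", {"Cookie": "sid=admin-111"}, {}),
    ("GET", "/admin", {"Cookie": "sid=admin-111"}, {}),
    ("POST", "/admin/users/7/delete", {"Cookie": "sid=admin-111"}, {"csrf": "tok-A"}),
]


def run_demo():
    with_extraction = Session("user", {"Cookie": "sid=user-222"},
                              {"csrf": r'name="csrf" value="([^"]+)"'})
    without_extraction = Session("user-static", {"Cookie": "sid=user-222"})
    return analyze(RECORDED, [with_extraction, without_extraction])


if __name__ == "__main__":
    for name, rows in run_demo().items():
        for method, path, status, tag in rows:
            print(f"{name:12} {method:4} {path:24} {status} {tag}")
```

With the extraction pattern the delete request is replayed with the low-privileged user's own token, succeeds, and is tagged BYPASSED; with a static token the server rejects it as a bad CSRF token and the missing authorization check goes unnoticed. The /profile page is tagged POTENTIAL BYPASS only because both users may view it and the bodies differ in length, which is the kind of result the analyst reviews by hand.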

GUI Overview

(1) Create or Clone a Session for every user you want to test.

(2) Save and load session setup

(3) Specify the session characteristics (Header(s) and / or Parameter(s) to replace)

(4) Set Filters if needed

(5) Start / Stop and Pause Auth Analyzer

(6) Specify table filter

(7) Navigate through the web app as a user other than the configured sessions (typically the high-privileged one) and track the results of the repeated requests

(8) Export table data to XML or HTML

(9) Manually analyze original and repeated requests/responses

Features

    Session Creation for each user role
    Renaming and Removing a Session
    Clone a Session
    Set any amount of Headers to replace/add
    Set Headers to remove
    Set any amount of parameters to replace
    Define how the parameter value will be discovered (automatic, static, prompt for input, from-to string)
    Remove a specified parameter
    Detailed Filter Rules
    Detailed Status Panel for each Session
    Pause each Session separately
    Renew Auto Extracted Parameter Value automatically
    Repeat Request by context menu
    Table Data Filter
    Table Data Export Functionality
    Start / Stop / Pause the “Auth Analyzer”
    Restrict session to defined scope
    Filter Requests with same header(s)
    Drop Original Request functionality
    Detailed view of all processed Requests and Responses
    Send Header(s) and/or Parameter(s) directly to Auth Analyzer by Context Menu
    Autosave current configuration
    Save to file and load from file current configuration
