Locked Auth_analyzer: Burp Extension for testing authorization issues


itsMe


auth_analyzer

This Burp extension helps you find authorization bugs. Just navigate through the web application with a high-privileged user and let Auth Analyzer repeat your requests for any defined non-privileged user. Because parameters can be defined, Auth Analyzer is able to extract and replace parameter values automatically; for instance, CSRF tokens or even whole session characteristics can be auto-extracted from responses and replaced in subsequent requests. Each response is analyzed and tagged with its bypass status.

Why should I use Auth Analyzer?

There are other Burp extensions that do basically similar things. However, the power of the parameter feature and automatic value extraction is the main reason to choose Auth Analyzer. With it, you don't have to know the content of the data that must be exchanged: you simply define your parameters and cookies, and Auth Analyzer catches the needed values on the fly. Auth Analyzer does not perform any preflight requests; it does basically the same thing as your web app, with your defined user roles/sessions.
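As an added illustration, not the extension's own code, here is a small Python model of the approach described above: a constructed toy app, a non-privileged session whose Cookie header is swapped in, auto-extraction of a CSRF token from that session's own responses, and a BYPASSED / POTENTIAL BYPASS / NOT BYPASSED verdict per repeated request. The app, its paths, the cookie values, the token markup and the similarity threshold are all constructed for this example.

```python
import difflib
import re
from collections import namedtuple
from dataclasses import dataclass, field
Response = namedtuple("Response", "status body")

@dataclass
class Session:
    """A non-privileged user: headers to swap in, plus parameter values auto-extracted so far."""
    name: str
    headers: dict
    params: dict = field(default_factory=dict)
CSRF_RE = re.compile(r'name="csrf" value="([^"]+)"')  # constructed token markup

def toy_app(path, headers, params):
    """Constructed stand-in for the app under test; a real run goes through Burp."""
    role = {"sid=A1": "admin", "sid=U2": "user"}.get(headers.get("Cookie"))
    if role is None:
        return Response(401, "login required")
    if path == "/admin/report":      # correctly protected endpoint
        return Response(200, "quarterly report") if role == "admin" else Response(403, "forbidden")
    if path == "/account/export":    # constructed bug: no authorization check at all
        return Response(200, "all accounts csv")
    if path == "/form":              # hands out a per-session CSRF token
        return Response(200, f'<input name="csrf" value="tok-{role}">')
    if path == "/form/submit":       # token must belong to the requesting session
        ok = params.get("csrf") == f"tok-{role}"
        return Response(200, "saved") if ok else Response(400, "bad csrf")
    return Response(404, "not found")

def tag(original, repeated):
    """Verdict for one repeated response against the privileged original."""
    if repeated.status != original.status:
        return "NOT BYPASSED"
    if repeated.body == original.body:
        return "BYPASSED"
    ratio = difflib.SequenceMatcher(None, original.body, repeated.body).ratio()
    return "POTENTIAL BYPASS" if ratio >= 0.8 else "NOT BYPASSED"

def analyze(path, headers, params, sessions):
    """Send the privileged request once, then repeat it per session with its headers/params swapped in."""
    original = toy_app(path, headers, params)
    verdicts = {}
    for s in sessions:
        repeated = toy_app(path, {**headers, **s.headers}, {**params, **s.params})
        m = CSRF_RE.search(repeated.body)   # auto-extract for this session's later requests
        if m:
            s.params["csrf"] = m.group(1)
        verdicts[s.name] = tag(original, repeated)
    return verdicts
```

The token extracted from /form is what lets the repeated /form/submit succeed for the low-privileged session; a session without that extraction would send the admin's token, get a 400, and the missing check would not be visible.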

GUI Overview

(1) Create or Clone a Session for every user you want to test.

(2) Save and load session setup

(3) Specify the session characteristics (Header(s) and / or Parameter(s) to replace)

(4) Set Filters if needed

(5) Start / Stop and Pause Auth Analyzer

(6) Specify table filter

(7) Navigate through Web App with another user and track results of the repeated requests

(8) Export table data to XML or HTML

(9) Manually analyze original and repeated requests/responses

Features

    Session Creation for each user role
    Renaming and Removing a Session
    Clone a Session
    Set any amount of Headers to replace/add
    Set Headers to remove
    Set any amount of parameters to replace
    Define how the parameter value will be discovered (automatic, static, prompt for input, from-to string)
    Remove a specified parameter
    Detailed Filter Rules
    Detailed Status Panel for each Session
    Pause each Session separately
    Renew Auto Extracted Parameter Value automatically
    Repeat Request by context menu
    Table Data Filter
    Table Data Export Functionality
    Start / Stop / Pause the “Auth Analyzer”
    Restrict session to defined scope
    Filter Requests with same header(s)
    Drop Original Request functionality
    Detailed view of all processed Requests and Responses
    Send Header(s) and/or Parameter(s) directly to Auth Analyzer by Context Menu
    Autosave current configuration
    Save to file and load from file current configuration
