There's a BApp for that: Autorize

Automatic authorization enforcement detection extension for burp suite written in Python developed by Barak Tawily to ease application security people work and allow them to perform an automatic authorization test.


This Authorization BApp can be used as a simpler alternative to There's a BApp for that: AuthMatrix when all the bells and whistles just aren’t necessary. Some simple test case scenarios include 1 or 2 user levels, or one authenticated user and an unauthenticated user for forced browsing.


Zachary Stashis


Contents:

  1. Installation

  2. Usage

  3. Turn on Autorize


(1) Installation

Extender > BApp Store > Autorize > Select "Install"


(2)Usage

Log in with normal testing credentials (example: Admin or User 1), open another browser (chrome, firefox etc) in "Private Window," Log in with secondary user account.


Open Autorize Tab, paste in cookies of User 2 in the box below:


(3) Turn on Autorize:

Crawl site as Admin or User 1, check back for results.


Load page in browser to confirm Bypassed pages.


26 views0 comments