2025-01-19 Update From: SLTechnology News&Howtos
Shulou (Shulou.com) 06/02 Report
Many newcomers are unsure how to scan for authorization vulnerabilities with Burp Suite. This article walks through the process in detail using the AuthMatrix extension, for anyone who needs it.
AuthMatrix
AuthMatrix is a Burp Suite extension that provides an easy way to test the authorization logic of web applications and web services. With AuthMatrix, a penetration tester concentrates on fully defining a table of users, roles and requests for the target application. These tables follow the access control matrix format used in many threat modeling methods.
Once the table is assembled, the tester can run every combination of role and request from a simple interface. The results are shown in an easy-to-read, colour-coded grid that highlights any authorization flaw detected. The extension can also save and load the target configuration for simple regression testing.
In short, it is a plugin for detecting authorization problems: you configure a session (cookies) for each user, and it replays the captured requests as every user automatically.
Plug-in project address: https://github.com/SecurityInnovation/AuthMatrix
Installation
One-click installation
AuthMatrix can be installed from the BApp Store inside Burp Suite:
[Extender] -> [BApp Store], find AuthMatrix and click Install.
Manual installation
Download AuthMatrix.py from the project repository.
Download address: https://github.com/SecurityInnovation/AuthMatrix
In Burp Suite, go to [Extender] -> [Add], set the extension type to Python and select the downloaded .py file. Burp runs Python extensions through Jython, so the Jython standalone JAR must be configured first under Extender -> Options -> Python Environment, otherwise the extension fails to load.
Specific usage
Click New Role to create the roles to compare (this example uses two: super admin and admin).
Click New User to create a user for each role. The user name is arbitrary, so choose something easy to tell apart (the login e-mail address is used here).
Tick the role(s) each user holds.
Obtain each user's session identifier and enter it in the Session Token field (the Cookies column in newer versions). The recommended way is to capture the login request at the login page and replay it in Repeater once per user, so that each user's own cookies are obtained; if a user has several cookies, separate them with semicolons.
In Repeater or in the Proxy HTTP history, select the requests to test (hold Ctrl to select several), right-click and choose Send request(s) to AuthMatrix.
Back in the AuthMatrix tab, set the Success Regex to a pattern that identifies an authorized response for this application. The default is ^HTTP/1\.1 200 OK, which is too weak for applications like the one in this example that answer a denied request with HTTP 200 and an error body, so it has to be changed for each target. This example uses errmsg, the string that appears in the response when the user lacks permission. Note that errmsg matches the denied response rather than the authorized one, so the colours below come out inverted relative to the extension's usual meaning; a pattern that matches the authorized response and excludes the denial string keeps the usual semantics.
To test all requests, click Run at the bottom. To test a single request, right-click it and choose Run Request (Ctrl-click selects several).
For every run the extension replaces the cookies in each request with the configured cookies of the same name, replays the request as every user, and checks each response against the Success Regex. A cell is green when the outcome agrees with the role checkbox for that request and red when it does not, which flags a potential authorization flaw. With this example's regex, which matches the denial message, a red cell therefore means the regex matched and green means it did not; blue indicates an expired session.
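To make the mechanics of the steps above concrete, here is an added, stand-alone Python example (not AuthMatrix's own code and not from the original article) that reproduces the core of what the extension does: parse the semicolon-separated cookie strings, swap same-name cookies into a captured request, replay it as every user, and colour each cell by comparing the Success Regex outcome with the role checkbox. The target is replaced by a constructed in-process stub that, like the application in the article, answers a denied request with HTTP 200 and an errmsg body; the user names, paths, cookie values and the deliberately over-permissive /api/reports endpoint are all made up for this example. It runs the matrix twice, once with the extension's default status-line regex and once with a regex that excludes the denial string, to show why the default produces a false red on the denied request.

```python
import re
from dataclasses import dataclass

# Constructed sample data: two roles, one user per role, as one would enter them
# in the AuthMatrix tables. Cookie strings use ';' as the separator the extension
# expects. Names, paths and cookie values are made up for this example.
ROLES = ["super admin", "admin"]
USERS = {
    # user name: (roles held, cookie string for that user's session)
    "root@example.test": ({"super admin"}, "JSESSIONID=aaa111; role=super"),
    "admin@example.test": ({"admin"}, "JSESSIONID=bbb222; role=admin"),
}

# The extension's default Success Regex, and a stricter one that treats a 200
# response as success only if the body does not carry the app's denial marker.
DEFAULT_SUCCESS_REGEX = r"^HTTP/1\.1 200 OK"
STRICT_SUCCESS_REGEX = r"^HTTP/1\.1 200 OK(?![\s\S]*errmsg)"


@dataclass
class Request:
    method: str
    path: str
    headers: dict        # as captured in Proxy history (carries the capturing user's cookie)
    allowed_roles: set   # the checkboxes in the request table: roles that should succeed


def parse_cookies(cookie_str):
    """'a=1; b=2' -> {'a': '1', 'b': '2'}; empty parts are ignored."""
    jar = {}
    for part in cookie_str.split(";"):
        name, _, value = part.strip().partition("=")
        if name:
            jar[name] = value
    return jar


def swap_cookies(original_cookie_header, user_cookie_str):
    """Overwrite cookies of the same name with the user's values and keep the rest.
    Cookies the captured request did not carry are appended (an assumption here)."""
    jar = parse_cookies(original_cookie_header)
    jar.update(parse_cookies(user_cookie_str))
    return "; ".join(f"{name}={value}" for name, value in jar.items())


def fake_server(method, path, headers):
    """Constructed stand-in for the target (no network). Like the article's app it
    answers a denied request with HTTP 200 and an 'errmsg' body. /api/reports is
    deliberately left readable by the admin role to give the matrix a real finding."""
    role = parse_cookies(headers.get("Cookie", "")).get("role")
    if path.startswith("/api/users/delete"):
        if role == "super":
            return 'HTTP/1.1 200 OK\r\nContent-Type: application/json\r\n\r\n{"ok":true}'
        return 'HTTP/1.1 200 OK\r\nContent-Type: application/json\r\n\r\n{"errmsg":"permission denied"}'
    if path.startswith("/api/reports") and role in ("super", "admin"):
        return 'HTTP/1.1 200 OK\r\nContent-Type: application/json\r\n\r\n{"report":"q1"}'
    return "HTTP/1.1 403 Forbidden\r\n\r\n"


def run_matrix(requests, users, success_regex, send=fake_server):
    """Replay every (request, user) pair and colour it the way AuthMatrix does:
    green when the regex outcome agrees with the role checkbox, red when it does
    not (a potential authorization flaw). Returns {(path, user): colour}."""
    pattern = re.compile(success_regex)
    results = {}
    for req in requests:
        for user, (roles, cookie_str) in users.items():
            headers = dict(req.headers)
            headers["Cookie"] = swap_cookies(headers.get("Cookie", ""), cookie_str)
            response = send(req.method, req.path, headers)
            succeeded = pattern.search(response) is not None
            expected = bool(roles & req.allowed_roles)
            results[(req.path, user)] = "green" if succeeded == expected else "red"
    return results


# Two captured requests; both were recorded while logged in as the super admin.
CAPTURED_COOKIE = "JSESSIONID=zzz999; role=super; lang=en"
REQUESTS = [
    Request("POST", "/api/users/delete?id=7", {"Cookie": CAPTURED_COOKIE}, {"super admin"}),
    Request("GET", "/api/reports", {"Cookie": CAPTURED_COOKIE}, {"super admin"}),
]

if __name__ == "__main__":
    for label, regex in (("default regex", DEFAULT_SUCCESS_REGEX), ("strict regex", STRICT_SUCCESS_REGEX)):
        print(label)
        for (path, user), colour in run_matrix(REQUESTS, USERS, regex).items():
            print(f"  {colour:5}  {user:20}  {path}")
```

With the default regex the admin user's denied call to /api/users/delete comes back red, because the 200 status line alone counts as success even though the body says permission denied; with the stricter regex that cell turns green and the only red cell left is /api/reports for the admin user, the genuine finding. The same reasoning applies when choosing the Success Regex in the extension: it should match only what an authorized response looks like for the application under test.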