AuthMatrix – Burp Extension to Test Web Authorization

AuthMatrix is an extension to Burp Suite that provides a simple way to test authorization in web applications and web services. With this Burp extension, testers focus on thoroughly defining tables of users, roles, and requests for their specific target application up front. These tables are structured in a format similar to that of the access control matrix common in various threat modeling methodologies.


Once the tables have been assembled, testers can use the simple click-to-run interface to kick off all combinations of roles and requests. The results can be confirmed with an easy-to-read, color-coded interface that indicates any authorization vulnerabilities detected in the system. Additionally, the extension can save and load target configurations for simple regression testing.
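The matrix evaluation described above, sketched as an added example (this is not AuthMatrix's own code). The users, roles and requests are constructed sample data, `stub_app` is a hypothetical stand-in for the target application, and a 200 status is assumed to mean the request succeeded.

```python
from itertools import product

# Constructed sample data: each user and the roles that user holds.
USERS = {
    "alice": {"admin", "user"},
    "bob": {"user"},
    "anon": set(),
}

# Each request lists the roles that SHOULD be allowed to perform it.
REQUESTS = {
    "GET /profile": {"user", "admin"},
    "POST /admin/users": {"admin"},
    "GET /admin/audit-log": {"admin"},
}

def stub_app(user, request):
    """Hypothetical target application; returns an HTTP status code.
    Deliberately flawed: the audit log only checks that a session exists."""
    roles = USERS[user]
    if request == "GET /admin/audit-log":
        return 200 if roles else 403
    return 200 if roles & REQUESTS[request] else 403

def run_matrix(users, requests, send):
    """Run every user/request combination and classify each cell."""
    results = {}
    for (user, roles), (request, allowed) in product(users.items(), requests.items()):
        expected = bool(roles & allowed)       # should this user succeed?
        succeeded = send(user, request) == 200  # assumption: 200 means success
        if succeeded == expected:
            verdict = "ok"
        elif succeeded:
            verdict = "VULNERABLE"  # succeeded without an authorized role
        else:
            verdict = "blocked"     # authorized role refused: check the test setup
        results[(user, request)] = verdict
    return results

def findings(results):
    """Return the cells where an unauthorized user succeeded."""
    return sorted(cell for cell, verdict in results.items() if verdict == "VULNERABLE")

if __name__ == "__main__":
    for (user, request), verdict in sorted(run_matrix(USERS, REQUESTS, stub_app).items()):
        print(f"{user:6} {request:22} {verdict}")
```

Saving the two tables and re-running the same function after a fix is the regression test the paragraph mentions.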

The extension can be installed through the Burp Suite BApp Store. From within Burp Suite, select the Extender tab, select the BApp Store, select the application, and click install.

For manual installation, download AuthMatrix.py from the AuthMatrix repository. Then, from within Burp Suite, select the Extender tab, click the Add button, change the Extension type to Python, and select the AuthMatrix Python file.

You can read more about this extension over here: https://github.com/SecurityInnovation/AuthMatrix
