AuthMatrix

Description

AuthMatrix extension is used for test authorization in web applications and web services. With AuthMatrix, testers focus on thoroughly defining tables of users, roles, and requests for their specific target application upfront. These tables are structured in a similar format to that of an access control matrix common in various threat modelling methodologies.
Once the tables have been assembled, testers can use the simple click-to-run interface to kick off all combinations of roles and requests. The results can be confirmed with an easy to read, colorr-coded interface indicating any authorization vulnerabilities detected in the system. Additionally, the extension provides the ability to save and load target configurations for simple regression testing.

Steps to install

  1. 1.
    Start Burp Suite.
  2. 2.
    Move to the Extender tab.
  3. 3.
    Go to BApp Store.
  4. 4.
    Search AuthMatrix.
  5. 5.
    Hit Install.

References

AuthMatrix 0.8
GitHub - SecurityInnovation/AuthMatrix: AuthMatrix is a Burp Suite extension that provides a simple way to test authorization in web applications and web services.
GitHub