AuthMatrix is an extension to Burp Suite that provides a simple way to test authorization in web applications and web services. With AuthMatrix, testers focus on thoroughly defining tables of users, roles, and requests for their specific target application upfront. These tables are displayed through the UI in a similar format to that of an access control matrix commonly built in various threat modeling methodologies.
Once the tables have been assembled, testers can use the simple click-to-run interface to efficiently run all combinations of roles and requests. Testers can then confirm their results with an easy to read, color-coded interface indicating any authorization vulnerabilities detected in the system. Additionally, the extension provides the ability to save and load target configurations for simple regression testing.
Requires Jython version 2.7.0 or later
Version 0.8 release information: https://zuxsecurity.blogspot.com/2018/01/authmatrix-08.html
Please report issues on the project GitHub.
|Author||Mick Ayzenberg, Security Innovation|
|Last updated||02 February 2018|
You can install BApps directly within Burp, via the BApp Store feature in the Burp Extender tool. You can also download them from here, for offline installation into Burp.
Please note that extensions are written by third party users of Burp, and PortSwigger Web Security makes no warranty about their quality or usefulness for any particular purpose.