Auraditor, Salesforce Aura and Lightning (LWC) Helper

Auraditor is a security testing extension for Salesforce Lightning and Aura framework applications. It provides comprehensive audit capabilities including action management, endpoint discovery, route testing, and specialized tools for analyzing Salesforce IDs. This extension is designed for authorized security testing only.

Features

• Edit Aura actions directly in HTTP requests with tabbed interface for adding, removing, and modifying controller names, method names, and JSON parameters
• Discover Aura controllers, methods, and Lightning Web Component endpoints by analyzing JavaScript files and application routes
• Test discovered routes automatically, categorize responses, and export results for analysis
• Analyze and manipulate Salesforce IDs with tools for converting between 15 and 18-character formats, generating sequential IDs, and creating custom Intruder payloads
• Save and manage multiple base requests from HTTP history for reuse in testing operations

Usage

1. Send an Aura framework request to Auraditor using the context menu, or add a compatible request from the main tab
2. Use the Request Editor tabs to view and modify Aura actions, including controller names, methods, and parameters
3. Run discovery operations from the Actions tab to identify controllers, methods, and routes from JavaScript files
4. Test discovered routes automatically and review categorized results
5. Use the Salesforce ID Lab to analyze ID structure, convert formats, or generate custom payloads for Intruder attacks