Burp Suite User Forum

Autorize - IDOR Test

Alberto | Last updated: Sep 21, 2021 02:28PM UTC

Hi,

Right now I'm using the Burp extension Autorize to test for IDOR. I'm curious if there is any way, or maybe another extension, to make Autorize more automatic. For example, now I click on every button on the site to be sure I got all possible paths or APIs. Then I start analyzing the results to find if there are false positives, and I put them out of scope. Then, if I want to see the effect of removing them from the scope, I need to click all again, and if the web application is big I can't click again every single time I remove something from the scope. So I would like to know if there is any way to automatically update the list I have already done.

Thanks,
Alberto

Hannah, PortSwigger Agent | Last updated: Sep 22, 2021 08:52AM UTC

Hi Alberto

Thank you for your message.

Extensions in the BApp Store are created and maintained by 3rd party users of Burp, rather than by PortSwigger. You can raise this with the extension author here: https://github.com/Quitten/Autorize/issues

Please let us know if you need any further assistance.

Cheers
Hannah Law
Technical Product Specialist
PortSwigger
