Autorize is an automatic authorization enforcement detection extension for Burp Suite. It was designed to help security testers by performing automatic authorization tests, and with the latest release it also performs automatic authentication tests. In this article, we explain step by step how to install and use Autorize on Burp Suite.
Tutorial: Install and Use Autorize on Burp Suite
Autorize works without any configuration, but is also highly customizable, allowing configuration of the granularity of the authorization enforcement conditions and also which requests the plugin must test and which not.
In the next section, we will introduce you to Autorize. Then we are going to teach you how to Install Autorize on Burp Suite. Finally, we will explain how to use Autorize. Please stay tuned for the rest of this article.
What is Autorize on Burp Suite?
Autorize is an extension aimed at helping the penetration tester detect authorization vulnerabilities. Testing for them is one of the more time-consuming tasks in a web application penetration test.
In addition to authorization vulnerabilities, Autorize can also be used to identify authentication vulnerabilities, because it can repeat any request without a cookie. It is sufficient to give the extension the cookies of a low-privileged user and navigate the website as a high-privileged user. The extension automatically repeats every request with the session of the low-privileged user and detects authorization vulnerabilities.
In the next section, we show how to install Autorize on Burp Suite.
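The replay-and-compare idea described above, as a simplified added example (not Autorize's code and not from the original article). The toy application, session values and verdict labels are constructed assumptions: each request made as the high-privileged user is repeated with the low-privileged cookie and with no cookie.

```python
# Added example: simplified replay-and-compare check; not Autorize's own code.
# The toy application, session values and verdict labels are all constructed.

SESSIONS = {"sess-admin": "admin", "sess-user": "user"}  # constructed cookies

def app(path, cookie=None):
    """Toy application returning (status, body) for a path and session cookie."""
    role = SESSIONS.get(cookie)
    if path == "/public/help":            # intentionally open to everyone
        return 200, "help page"
    if role is None:                      # every other route requires a session
        return 401, "login required"
    if path == "/admin/users":            # role is checked server-side
        if role != "admin":
            return 403, "forbidden"
        return 200, "alice,bob"
    if path == "/admin/export":           # defect: session checked, role is not
        return 200, "full user export"
    return 404, "not found"

def verdict(original, replayed):
    """Compare the replayed response with the high-privileged original."""
    if replayed == original:
        return "bypassed"                 # same status and body came back
    if replayed[0] in (401, 403):
        return "enforced"                 # the request was refused
    return "unclear"                      # differs but not refused: review manually

def check(path, high_cookie, low_cookie):
    """Replay one request as the low-privileged user and without a cookie."""
    original = app(path, high_cookie)
    return {
        "authorization": verdict(original, app(path, low_cookie)),
        "authentication": verdict(original, app(path, None)),
    }

def scan(paths, high_cookie="sess-admin", low_cookie="sess-user"):
    """Return per-path verdicts for everything the high-privileged user visited."""
    return {p: check(p, high_cookie, low_cookie) for p in paths}

if __name__ == "__main__":
    for path, result in scan(["/admin/users", "/admin/export", "/public/help"]).items():
        print(path, result)
```

The intentionally public page is also reported as "bypassed", so each such verdict still needs a manual check that the resource was meant to be restricted.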
Install Autorize on Burp Suite
In this section, we explain how to install Autorize on Burp Suite. To do this, just follow the steps below. The first step is to download Burp Suite.
Then you need to download Jython standalone JAR in the next step.
After successfully installing the above programs, you should now perform the following steps in order. After opening Burp, you must follow the path below:
Burp >> Extender >> Options >> Python Environment >> Select File
Now you should choose the Jython standalone JAR.
You can now install Autorize using two methods. The first method is to install Autorize through the BApp Store. But in the second method, you need to download Autorize.py first. Then you should follow the path below:
Burp >> Extender >> Extensions >> Add >> Choose Autorize.py
Once you have completed the above steps correctly, you can now easily use Autorize by referring to the Autorize tab.
How to Use Autorize Step by Step:
Now that you have completed the steps in the previous section, we explain how to use Autorize on Burp Suite.
The first step is to open Burp Suite. Then click on Configuration in the Autorize tab. Then copy the low-privileged user's cookie header into the textbox containing the text “Insert injected header here”.
If you do not need the authentication test, you can uncheck “Check unauthenticated”.
If you also want to intercept the requests that are sent through the Repeater, you can check “Intercept requests from the Repeater”.
To allow Autorize to check for authorization enforcement, you must click on “Intercept is off”. By doing this, you start intercepting the traffic.
Now it’s time to configure the browser proxy settings to send traffic to Burp. In the next step, browse the application that you want to test as a high-privileged user.
If you want to control which domains are intercepted by the Autorize plugin, use the interception filter tab. There you can filter by blacklist, whitelist, regex or items in Burp's scope, so that unnecessary domains are not intercepted by Autorize and your work stays more organized.
Conclusion
Autorize is an automatic authorization enforcement detection extension for Burp Suite. It helps you detect authorization vulnerabilities. In this article, we tried to teach you how to Install and use Autorize on Burp Suite.