Automatic authorization enforcement detection extension for Burp Suite, written in Jython and developed by Barak Tawily, to ease the work of application security people and allow them to perform automatic authorization tests
The original regex matches pages like .jsp or .jsf, which are used as JavaServer Pages/Faces in some Java-based applications and used to dynamically generate pages (like PHP but for Java).
Regex 101 is self-explaining: https://regex101.com/r/NMFThd/1
Regex:
(\.js|\.css|\.png|\.jpg|\.svg|\.jpeg|\.gif|\.woff|\.map|\.bmp|\.ico)(?![a-z]+)[?]*[\S]*$
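Added example, not part of the pull request or the Autorize code base: it runs the regex above over constructed URLs and compares it with a hypothetical variant that has the `(?![a-z]+)` lookahead removed, to show which requests the lookahead keeps in scope for authorization testing. It assumes the pattern is applied with `re.search` to the path plus query and with no regex flags; the names `PAGE_RE`, `NO_LOOKAHEAD_RE`, `skipped` and `rescued` are made up for this example.

```python
import re

EXTS = r"(\.js|\.css|\.png|\.jpg|\.svg|\.jpeg|\.gif|\.woff|\.map|\.bmp|\.ico)"
TAIL = r"[?]*[\S]*$"

# EXTS + lookahead + TAIL is exactly the regex given on the page.
PAGE_RE = re.compile(EXTS + r"(?![a-z]+)" + TAIL)
# Hypothetical comparison pattern: same regex with the lookahead removed.
# The page does not show the original regex, so this is an assumption.
NO_LOOKAHEAD_RE = re.compile(EXTS + TAIL)

# Constructed sample requests (path + query), not taken from the page.
URLS = [
    "/static/app.js?v=3",       # static asset with cache-busting query
    "/img/logo.jpeg",           # static image
    "/fonts/a.woff2",           # digit after .woff does not trip the lookahead
    "/account/profile.jsp",     # dynamic JavaServer Page
    "/account/edit.jsf?id=7",   # dynamic JavaServer Faces view
    "/api/users.json",          # ".js" followed by letters, like .jsp
    "/search.jsp?next=/a.js",   # static-looking suffix inside the query
    "/api/orders/42",           # no extension at all
]


def skipped(pattern, urls):
    """Return the URLs the pattern classifies as static (left untested)."""
    return [u for u in urls if pattern.search(u)]


def rescued(urls):
    """URLs skipped without the lookahead but kept in scope with it."""
    kept_out = set(skipped(PAGE_RE, urls))
    return [u for u in skipped(NO_LOOKAHEAD_RE, urls) if u not in kept_out]


if __name__ == "__main__":
    print("Skipped as static by the page's regex:")
    for url in skipped(PAGE_RE, URLS):
        print("   ", url)
    print("Kept in scope only because of the lookahead:")
    for url in rescued(URLS):
        print("   ", url)
```

The last `.jsp` sample is still skipped because the pattern searches the whole string and finds `.js` at the end of the query, so filtered requests are worth spot-checking when query values can end in a static extension.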