Quitten / Autorize

Automatic authorization enforcement detection extension for Burp Suite, written in Jython and developed by Barak Tawily to ease the work of application security people and allow them to perform automatic authorization tests

Headers are case-sensitive #106

Closed irsdl closed 1 year ago

irsdl commented 1 year ago

As per HTTP standard, headers are case-insensitive (see https://stackoverflow.com/questions/5258977/are-http-headers-case-sensitive). However, when a header such as Authorization is provided, the application does not replace the authorization header which starts with a lowercase letter. As a result, the modified request will contain 2 authorization headers instead of replacing the original one.
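
The behaviour described in this issue, as an added example that is not Autorize's own code: a case-sensitive header replacement beside a case-insensitive one, both run over a constructed raw request whose Authorization header name is spelled in lowercase. The request, function names and the sample tokens are assumptions for illustration.

```python
# Added example (not Autorize's own code): shows how exact-case matching
# leaves a lowercase 'authorization' header in place and appends a second
# one, and how a case-insensitive comparison (HTTP header names are
# case-insensitive per the RFCs) replaces it instead.

# Constructed sample request: some clients and proxies emit lowercase names.
SAMPLE_REQUEST = (
    "GET /api/me HTTP/1.1\r\n"
    "Host: example.test\r\n"
    "authorization: Bearer user-a-token\r\n"
    "Accept: application/json\r\n"
    "\r\n"
)

def split_request(raw):
    """Split a raw request into (request line, header lines, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    return lines[0], lines[1:], body

def join_request(request_line, headers, body):
    return "\r\n".join([request_line, *headers]) + "\r\n\r\n" + body

def header_name(line):
    return line.split(":", 1)[0].strip().lower()

def replace_header_case_sensitive(raw, name, value):
    """Buggy behaviour from the issue: only an exact-case match is removed,
    so 'authorization: ...' survives and the request ends up with two."""
    request_line, headers, body = split_request(raw)
    kept = [h for h in headers if not h.startswith(name + ":")]
    kept.append(f"{name}: {value}")
    return join_request(request_line, kept, body)

def replace_header(raw, name, value):
    """Fixed behaviour: every spelling of the header name is removed before
    the replacement is appended, so exactly one copy remains."""
    request_line, headers, body = split_request(raw)
    kept = [h for h in headers if header_name(h) != name.lower()]
    kept.append(f"{name}: {value}")
    return join_request(request_line, kept, body)

def count_header(raw, name):
    """Count occurrences of a header name regardless of case."""
    _, headers, _ = split_request(raw)
    return sum(1 for h in headers if header_name(h) == name.lower())

if __name__ == "__main__":
    buggy = replace_header_case_sensitive(SAMPLE_REQUEST, "Authorization", "Bearer user-b-token")
    fixed = replace_header(SAMPLE_REQUEST, "Authorization", "Bearer user-b-token")
    print("buggy copies:", count_header(buggy, "Authorization"))  # → 2
    print("fixed copies:", count_header(fixed, "Authorization"))  # → 1
```

The buggy variant sends both the original and the substituted credential, so the server may honour whichever it reads first and the authorization test result becomes unreliable.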

Quitten commented 1 year ago

True that, according to RFC headers are case-insensitive. https://github.com/Quitten/Autorize/pull/107 Merged, thank you very much for contributing. Closed.