Automatic authorization enforcement detection extension for Burp Suite, written in Jython and developed by Barak Tawily, to ease the work of application security people and allow them to perform automatic authorization tests.
As per HTTP standard, headers are case-insensitive (see https://stackoverflow.com/questions/5258977/are-http-headers-case-sensitive). However, when a header such as Authorization is provided, the application does not replace the authorization header which starts with a lowercase letter. As a result, the modified request will contain 2 authorization headers instead of replacing the original one.