Quitten / Autorize

Automatic authorization enforcement detection extension for Burp Suite, written in Jython and developed by Barak Tawily to ease the work of application security people and allow them to perform automatic authorization tests.

Add inverse enforcement detectors #94

Closed legithubert closed 2 years ago

legithubert commented 2 years ago

This adds inverse enforcement detector filters (for both authentication and authorization enforcement) that allow detecting a message as enforced if some condition is not fulfilled.

Example: Use type "Body NOT (simple string)" to flag messages as enforced if their response body does not contain some string.
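
The filter semantics described in the comment above, as an added example that is not part of the pull request or of Autorize's code: a simplified Python model comparing a positive body filter with the inverse one on constructed responses. The `Body (simple string)` name, the OR combination of detectors, and all function names and sample responses are assumptions made for illustration.

```python
# Simplified model of the filter semantics; not Autorize's own code.
BODY = "Body (simple string)"          # assumed name of the non-inverse filter
BODY_NOT = "Body NOT (simple string)"  # filter type named in the PR description

def response_body(raw):
    """Return the text after the first blank line of a raw HTTP response."""
    _head, sep, body = raw.partition("\r\n\r\n")
    return body if sep else ""

def detector_matches(kind, needle, raw):
    """True if this single detector marks the response as enforced."""
    if not needle:
        # An empty string is "contained" in every body, so the inverse
        # filter could never fire; reject it instead of failing silently.
        raise ValueError("detector string must not be empty")
    found = needle in response_body(raw)
    if kind == BODY:
        return found
    if kind == BODY_NOT:
        return not found
    raise ValueError("unknown detector type: %r" % kind)

def is_enforced(detectors, raw):
    """A response is enforced if any configured detector matches (assumed OR)."""
    return any(detector_matches(k, n, raw) for k, n in detectors)

# Constructed sample responses to a replayed low-privilege request.
OWNER_VIEW = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
              "<h1>Account</h1><span id=\"balance\">1,204.10</span>")
DENIED_A = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
            "<h1>Access denied</h1>")
# Denial page with different wording; the marker appears only in a header.
DENIED_B = ("HTTP/1.1 200 OK\r\nX-Hint: id=\"balance\"\r\n\r\n"
            "<h1>Please sign in again</h1>")

positive = [(BODY, "Access denied")]
inverse = [(BODY_NOT, "id=\"balance\"")]

def verdicts(detectors):
    """Enforcement verdict for each sample, in a fixed order."""
    return [is_enforced(detectors, r) for r in (OWNER_VIEW, DENIED_A, DENIED_B)]

if __name__ == "__main__":
    print("positive:", verdicts(positive))
    print("inverse: ", verdicts(inverse))
```

The positive filter misses the second denial page because its wording differs, while the inverse filter flags every response that lacks the marker only the protected content carries.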

Quitten commented 2 years ago

Merged after testing. Thank you very much for contributing @legithubert!