[link]https://github.com/PortSwigger/oauth-scan[/link]
[tags]burpsuite,auth,openid[/tags]
[short_descr]Burp Suite Extension useful to verify OAUTHv2 and OpenID security.[/short_descr]
[long_descr]OAUTHScan is a Burp Suite Extension written in Java that aims to provide some automatic security checks, which can be useful during penetration testing of applications implementing the OAUTHv2 and OpenID standards.
The plugin looks for various OAUTHv2/OpenID vulnerabilities and common misconfigurations. Below is a non-exhaustive list of checks performed by OAUTHScan: