search

simioni87 / auth_analyzer

Burp Extension for testing authorization issues. Automated request repeating and parameter value extraction on the fly.
MIT License
185 stars 48 forks source link

how about add "Parameter Addition" function #10

Closed Conanjun closed 3 years ago

Conanjun commented 3 years ago

Hello Simioni87,nice to meet u !!! I have used auth_analyzer for a long time and it is really a great burp extension for pentersters ! ! ! But i have a problem that why not add the "Parameter Addition" function because u have realized the function of "Parameter Replacement". There are sevel scene for this addition function,such as hidden debug mode,for example some developper like to add "debug=1" in request(url post-param json-param etc) when write code but delete it in frontend,but the debug mode still exist and sometime it may cause some problem. In this scene, auth-analyzer can't add Parameter when origin request is not existed a parameter named "debug" so i have to add it in processhttpmessage before auth-analyzer's code. Perhaps u could think about to add this function hahahaha. it is really happy to use your auth_analyzer ^=^

simioni87 commented 3 years ago

Hi Conanjun Thanks for your input. I like your idea; will be implemented with the next release ;-)

Conanjun commented 3 years ago

i have write some code to add this function when token is not existed just add it in getModifiedRequest,may i make a pull request let u review?

simioni87 commented 3 years ago

we currently work parallell.. Just implemented the feature... but of course, please show me what you have done :) ...

simioni87 commented 3 years ago

Hi Conajun

I just published a new release.

Have fun and regards