AuthMatrix

Description

The AuthMatrix extension is designed for testing authorization in web applications and web services. With AuthMatrix, testers can focus on thoroughly defining tables of users, roles, and requests specific to their target application upfront. These tables are structured similarly to an access control matrix, which is common in various threat modeling methodologies.

Once the tables are assembled, testers can use the simple click-to-run interface to initiate all combinations of roles and requests. The results are displayed in an easy-to-read, color-coded interface that indicates any authorization vulnerabilities detected in the system. Additionally, the extension provides the ability to save and load target configurations for simple regression testing.
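
The matrix evaluation described above, shown as an added Python example (not AuthMatrix's own code): every role is paired with every request and the observed outcome is compared with what the matrix says should happen. The roles, requests, status codes, verdict names and the "2xx means success" rule are constructed assumptions for illustration.

```python
from itertools import product

ROLES = ["admin", "user", "anonymous"]  # constructed sample roles

# Constructed access control matrix: request -> roles that should succeed.
MATRIX = {
    "GET /admin/users": {"admin"},
    "GET /account": {"admin", "user"},
    "DELETE /account/42": {"admin"},
    "GET /login": {"admin", "user", "anonymous"},
}

# Constructed replay results standing in for live responses:
# (request, role) -> HTTP status. Pairs not listed were answered with 403.
OBSERVED = {
    ("GET /admin/users", "admin"): 200,
    ("GET /account", "admin"): 200,
    ("GET /account", "user"): 403,        # authorized role was refused
    ("DELETE /account/42", "admin"): 204,
    ("DELETE /account/42", "user"): 204,  # role check missing server-side
    ("GET /login", "admin"): 200,
    ("GET /login", "user"): 200,
    ("GET /login", "anonymous"): 200,
}

def succeeded(status):
    # Assumption: any 2xx means the request was carried out.
    return 200 <= status < 300

def evaluate(matrix, roles, observed):
    """Compare every role/request combination with the expected outcome."""
    results = {}
    for request, role in product(matrix, roles):
        allowed = role in matrix[request]
        got_in = succeeded(observed.get((request, role), 403))
        if allowed == got_in:
            verdict = "ok"
        elif got_in:
            verdict = "authz_bypass"       # unauthorized role succeeded
        else:
            verdict = "unexpected_denial"  # authorized role was blocked
        results[(request, role)] = verdict
    return results

def findings(results):
    """Cells whose observed behaviour contradicts the matrix."""
    return sorted(cell for cell, verdict in results.items() if verdict != "ok")

if __name__ == "__main__":
    results = evaluate(MATRIX, ROLES, OBSERVED)
    for request, role in findings(results):
        print(f"{results[(request, role)]:18} {role:10} {request}")
```

Saving the matrix and re-running the comparison after each release is what makes this usable as a regression test: a cell that flips from "ok" to another verdict points at the exact role and request that changed.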

Steps to Install

  1. Start Burp Suite.
  2. Navigate to the Extender tab.
  3. Visit the BApp Store.
  4. Search for AuthMatrix.
  5. Click on Install.

References