AuthMatrix is an extension to Burp Suite that provides a simple way to test authorization in web applications and web services. With AuthMatrix, testers focus on thoroughly defining tables of users, roles, and requests for their specific target application upfront.
These tables are structured in a similar format to that of an access control matrix common in various threat modeling methodologies.
Once the tables have been assembled, testers can use the simple click-to-run interface to kick off all combinations of roles and requests. The results can be confirmed in an easy-to-read, color-coded interface that indicates any authorization vulnerabilities detected in the system.
Additionally, the extension provides the ability to save and load target configurations for simple regression testing.
Installation
AuthMatrix can be installed through the Burp Suite BApp Store. From within Burp Suite, select the Extender tab, select the BApp Store, select AuthMatrix, and click install.
For manual installation, download AuthMatrix.py from this repository. Then, from within Burp Suite, select the Extender tab, click the Add button, change the Extension type to Python, and select the AuthMatrix Python file.
Note
AuthMatrix requires configuring Burp Suite to use Jython. Easy instructions for this are located at the following URL.
https://portswigger.net/burp/help/extender.html#options_pythonenv
Be sure to use Jython version 2.7.0 or greater to ensure compatibility.
Basic Usage
Sample AuthMatrix Configuration
Advanced Usage
Chains
Chains provide a way to copy a static or dynamic value into the body of a request. These values can be pulled from the response of a previously run request (using a regex) or by specifying user-specific static string values.
The most common use cases for Chains are:
A Chain entry has the following values:
NOTE: Requests are run in order of row, however, if a chain dependency is detected, AuthMatrix will run the requests in the required order.
Chains for CSRF
Chains for Cross-User Resource Tests
Chains for Authenticating Users
Failure Regex Mode
For certain targets, it may be easier to configure AuthMatrix to detect the response condition that indicates a request has failed. For example, a target site may return unique data on successful requests but always return an HTTP 303 when an unauthorized action is performed.
In this mode, AuthMatrix will validate this regex for all users not part of a succeeding role.
To do this, right click the request and select “Toggle Regex Mode”. The regex field will be highlighted in purple to indicate that AuthMatrix will run the request in Failure Regex Mode.
NOTE: False positive detection and highlighting may not work in Failure Regex Mode.
Sample Configuration with Failure Regex Mode
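To make the chain and regex-mode mechanics above concrete, the following Python script is an added example; it is not AuthMatrix's own code (which runs inside Burp Suite as a Jython extension) but a stand-alone reimplementation of the core loop against a constructed in-memory target. It models users with roles and session cookies, requests with a success regex (or a failure regex when Failure Regex Mode is on), a chain that copies a CSRF token from the same user's earlier response, and a chain that copies a profile id from another user's response for a cross-user resource test. The toy_app handler, the user and request names, the <<placeholder>> syntax and the verdict labels are all assumptions made for this example.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# --- Constructed stand-in for a target application (not a real service) ---
SESSIONS = {"s-alice": ("alice", "admin"), "s-bob": ("bob", "user"), "s-carol": ("carol", "user")}
PROFILE_IDS = {"alice": 1, "bob": 2, "carol": 3}

def toy_app(path, cookie, body):
    """Return (status, body). Unauthorized actions answer with an HTTP 303 to /login."""
    if cookie not in SESSIONS:
        return 303, "See Other: /login"
    user, role = SESSIONS[cookie]
    if path == "/me":
        # Exposes the caller's own profile id and a per-user CSRF token.
        return 200, '{"id": %d, "csrf": "tok-%s"}' % (PROFILE_IDS[user], user)
    if path == "/admin/users":
        return (200, "all users") if role == "admin" else (303, "See Other: /login")
    m = re.fullmatch(r"/profile/(\d+)/delete", path)
    if m:
        if body.get("csrf") != "tok-" + user:
            return 403, "bad csrf"
        return 200, "deleted profile " + m.group(1)  # constructed flaw: no ownership check
    return 404, "not found"

@dataclass
class User:
    name: str
    roles: frozenset
    cookie: str

@dataclass
class Request:
    name: str
    path: str
    regex: str                  # success regex, or failure regex when failure_mode is set
    success_roles: frozenset    # roles expected to succeed
    body: dict = field(default_factory=dict)
    failure_mode: bool = False

@dataclass
class Chain:
    source: str                 # request whose response is mined
    extract: str                # regex with one capture group
    target: str                 # request that receives the value
    placeholder: str            # token replaced in the target's path and body
    from_user: Optional[str] = None  # None: same user's response; else a named user's

def chain_order(requests, chains):
    """Row order, except that a chain's source request is run before its target."""
    deps = {r.name: {c.source for c in chains if c.target == r.name} for r in requests}
    order, done = [], set()
    while len(order) < len(requests):
        for r in requests:
            if r.name not in done and deps[r.name] <= done:
                order.append(r)
                done.add(r.name)
                break
        else:
            raise ValueError("circular chain dependency")
    return order

def run_matrix(users, requests, chains, app):
    """Run every (request, user) pair and return {(request, user): verdict}."""
    responses, results = {}, {}
    for req in chain_order(requests, chains):
        for u in users:
            path, body = req.path, dict(req.body)
            for c in [c for c in chains if c.target == req.name]:
                m = re.search(c.extract, responses[(c.source, c.from_user or u.name)])
                if not m:
                    raise ValueError("chain %s -> %s: nothing extracted" % (c.source, c.target))
                path = path.replace(c.placeholder, m.group(1))
                body = {k: v.replace(c.placeholder, m.group(1)) for k, v in body.items()}
            status, text = app(path, u.cookie, body)
            resp = "HTTP %d\n%s" % (status, text)
            responses[(req.name, u.name)] = resp
            expected = bool(u.roles & req.success_roles)
            matched = re.search(req.regex, resp) is not None
            # Failure Regex Mode inverts the meaning of a match.
            succeeded = not matched if req.failure_mode else matched
            if succeeded and not expected:
                verdict = "VULNERABLE"    # a role that should be denied got through
            elif expected and not succeeded:
                verdict = "UNEXPECTED"    # possible false positive; weak signal in failure mode
            else:
                verdict = "OK"
            results[(req.name, u.name)] = verdict
    return results

USERS = [
    User("alice", frozenset({"admin"}), "s-alice"),
    User("bob", frozenset({"user"}), "s-bob"),
    User("carol", frozenset({"user"}), "s-carol"),
]
REQUESTS = [  # delete_other is listed first; chain_order moves "me" ahead of it
    Request("delete_other", "/profile/<<victim>>/delete", r"deleted profile",
            frozenset({"admin"}), body={"csrf": "<<csrf>>"}),
    Request("me", "/me", r'"id":', frozenset({"admin", "user"})),
    Request("admin_list", "/admin/users", r"^HTTP 303", frozenset({"admin"}), failure_mode=True),
]
CHAINS = [
    Chain("me", r'"csrf": "([^"]+)"', "delete_other", "<<csrf>>"),                # CSRF token, same user
    Chain("me", r'"id": (\d+)', "delete_other", "<<victim>>", from_user="alice"),  # cross-user resource id
]

if __name__ == "__main__":
    for (req, user), verdict in run_matrix(USERS, REQUESTS, CHAINS, toy_app).items():
        print("%-13s %-6s %s" % (req, user, verdict))
```

Running the script prints one verdict per (request, user) cell. The admin_list row uses the failure regex `^HTTP 303`, so the two "user" accounts are checked for the redirect rather than for any success content; the delete_other row is flagged VULNERABLE for bob and carol because the chained CSRF token makes their requests well-formed and the target never checks who owns profile 1. The UNEXPECTED verdict is the analogue of AuthMatrix's false-positive highlighting: in failure mode it only means the failure pattern was absent for a succeeding role, which is a weaker signal than a positive success match.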