Research Academy
My account Customers About Blog Careers Legal Contact Resellers
  1. Support Center
  2. BApp Store
  3. AuthMatrix

Professional Community

AuthMatrix

Download BApp

AuthMatrix is an extension to Burp Suite that provides a simple way to test authorization in web applications and web services. With AuthMatrix, testers focus on thoroughly defining tables of users, roles, and requests for their specific target application upfront. These tables are displayed through the UI in a similar format to that of an access control matrix commonly built in various threat modeling methodologies.

Once the tables have been assembled, testers can use the simple click-to-run interface to efficiently run all combinations of roles and requests. Testers can then confirm their results with an easy to read, color-coded interface indicating any authorization vulnerabilities detected in the system. Additionally, the extension provides the ability to save and load target configurations for simple regression testing.

Requires Jython version 2.7.0 or later

Version 0.8 release information: https://zuxsecurity.blogspot.com/2018/01/authmatrix-08.html

Please report issues on the project GitHub.

Author

 Author

Mick Ayzenberg, Security Innovation

Version

 Version

0.8.2

Rating

 Rating

Popularity

 Popularity

Last updated

 Last updated

15 October 2021

Estimated system impact

 Estimated system impact

Overall impact: Low

Memory
Low
CPU
Low
General
Low
Scanner
Low

You can install BApps directly within Burp, via the BApp Store feature in the Burp Extender tool. You can also download them from here, for offline installation into Burp.

You can view the source code for all BApp Store extensions on our GitHub page.

Follow @BApp_Store on Twitter to receive notifications of all BApp releases and updates.

Please note that extensions are written by third party users of Burp, and PortSwigger Web Security makes no warranty about their quality or usefulness for any particular purpose.

Go back to BappStore

Note:

Please note that extensions are written by third party users of Burp, and PortSwigger Web Security makes no warranty about their quality or usefulness for any particular purpose.