AWS Cognito

This extension helps identify key information from requests to AWS Cognito, provides several passive scan checks, and suggests HTTP request templates for exploiting several known vulnerabilities.

Features:

• Proxy History: Adding comments to Burp Proxy History to reflect the Cognito Method found in "X-Amz-Target: AWSCognitoIdentityProviderService.RevokeToken"
• Passive Scan Issues:
  • Log URLs observed matching "^cognito-(?:identity|idp)(?:-fips)?.[^\.]+.amazonaws.com$"
  • Log Identity Pool IDs observed in requests and suggestions for exploiting it
  • Log Client IDs observed in requests
  • Log custom user attributes found in the "idToken" or "GetUser" response
  • Log "InitiateAuth" requests and suggest request templates for "SignUp" and "UpdateUserAttributes"
  • Log "AWSCognitoIdentityService.GetCredentialsForIdentity" requests containing temporary credentials