burplay: Burp Extension for Detection Privilege Escalations

burplay

Burplay is a Burp Extension allowing for replaying any number of requests using same modifications definition. Its main purpose is to aid in searching for Privilege Escalation issues.

Download

Burplay

Burplay is a Burp extension, which allows for replaying any number of requests while applying different modifications to them.

Currently, Burplay supports adding, modifying or deleting:

  • Cookies
  • Request headers
  • GET parameters
  • POST parameters

In addition, sessions can be defined, so you can easily replay requests as a particular user.

For instance, if the application uses a session cookie to track users’ sessions, you can:

  1. Log in to the application as a high-privileged user in a browser proxied by Burp and browse through all URLs which should be covered by the test.

Picture1

  1. In Burp Proxy’s History or Target Site Map, choose all interesting requests and “Send to Replay”

Picture2

They will then show up in the “Replay” tab:

Picture3

  1. Log into the application as a low-privileged user

Picture4

  1. Define a Burplay session based on the cookie issued by the application for the low-privileged user

The session can be defined by selecting a cookie name and value in any request or response view within Burp:

Picture5
Picture6

5. “Apply” the newly defined session as a modification in the Replay tab:

Picture7

  1. Start the test by clicking the “REPLAY!” button.

Picture8

On the right-hand side of Burplay’s UI, there are tabs showing all replays and the original set of requests and responses. Currently, manual inspection of replay tabs is the only method of identifying an issue.

Tutorial