burplay: Burp Extension for Detection Privilege Escalations
Burplay is a Burp Extension allowing for replaying any number of requests using same modifications definition. Its main purpose is to aid in searching for Privilege Escalation issues.
Burplay is a Burp extension, which allows for replaying any number of requests while applying different modifications to them.
Currently, Burplay supports adding, modifying or deleting:
- Request headers
- GET parameters
- POST parameters
In addition, sessions can be defined, so you can easily replay requests as a particular user.
For instance, if the application uses a session cookie to track users’ sessions, you can:
- Log in to the application as a high-privileged user in a browser proxied by Burp and browse through all URLs which should be covered by the test.
- In Burp Proxy’s History or Target Site Map, choose all interesting requests and “Send to Replay”
They will then show up in the “Replay” tab:
- Log into the application as a low-privileged user
- Define a Burplay session based on the cookie issued by the application for the low-privileged user
The session can be defined by selecting a cookie name and value in any request or response view within Burp:
5. “Apply” the newly defined session as a modification in the Replay tab:
- Start the test by clicking the “REPLAY!” button.
On the right-hand side of Burplay’s UI, there are tabs showing all replays and the original set of requests and responses. Currently, manual inspection of replay tabs is the only method of identifying an issue.