SessionProbe: assist in evaluating user privileges in web applications

session token authorization

SessionProbe

SessionProbe is a multi-threaded pentesting tool designed to assist in evaluating user privileges in web applications. It takes a user’s session token and checks for a list of URLs if access is possible, highlighting potential authorization issues. SessionProbe deduplicates URL lists and provides real-time logging and progress tracking.

SessionProbe is intended to be used with Burp Suite’s “Copy URLs in this host” functionality in the Target tab (available in the free Community Edition).

Note: You may want to change the filter in Burps’s Target tab to include files or images. Otherwise, these URLs would not be copied by “Copy URLs in this host” and would not be tested by SessionProbe.

Features 🔎

  • Test for authorization issues
  • Automatically dedupes URLs
  • Sorts the URLs by response status code and extension (e.g., .css, .js), and provides the length
  • Multi-threaded
  • Proxy functionality to pass all requests e.g. through Burp

Use

Install

Copyright (c) 2024 Florian Walter