Automating BURP to find IDORs
Hello hunters, in this blog I will help you set up Autorize and AutoRepeater to find IDORs with the help of Burp Suite. But first, a little detail about what an IDOR is.
What is Insecure Direct Object Reference?
The fourth one on the list is Insecure Direct Object Reference, also called IDOR. It refers to when a reference to an internal implementation object, such as a file or database key, is exposed to users without any other access control. In such cases, the attacker can manipulate those references to get access to unauthorized data.
For more: blog.detectify.com
Now, let's begin the hacking!
You can install Autorize and AutoRepeater from the BApp Store in the Extender tab.
For more details about the tools, you can check them out on GitHub.
Autorize — for each request you make, it will send an identical request but with changed cookies…
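The IDOR definition above and the replay-with-changed-cookies idea, as an added example that is not from the original post or from the Autorize project: a vulnerable object lookup beside its hardened form, and a small regression check that replays one user's request with another user's cookie. The handlers, cookie values and invoice records are constructed, and the "identical response means bypass" rule is this example's simplification.

```python
INVOICES = {  # constructed sample records: object id -> owner and body
    101: {"owner": "alice", "body": "Invoice 101: alice, 40 EUR"},
    102: {"owner": "bob", "body": "Invoice 102: bob, 75 EUR"},
}
SESSIONS = {"cookie-alice": "alice", "cookie-bob": "bob"}  # cookie -> user


def get_invoice_vulnerable(cookie, invoice_id):
    """IDOR: any logged-in user can read any invoice by changing the id."""
    if cookie not in SESSIONS:
        return 401, "login required"
    invoice = INVOICES.get(invoice_id)
    if invoice is None:
        return 404, "not found"
    return 200, invoice["body"]


def get_invoice_hardened(cookie, invoice_id):
    """Same lookup, plus an ownership check on the referenced object."""
    user = SESSIONS.get(cookie)
    if user is None:
        return 401, "login required"
    invoice = INVOICES.get(invoice_id)
    # Answer 404 for both "missing" and "not yours" so ids cannot be enumerated.
    if invoice is None or invoice["owner"] != user:
        return 404, "not found"
    return 200, invoice["body"]


def replay_with_other_cookie(handler, requests, other_cookie):
    """Replay each (cookie, id) request with other_cookie; return the ids
    whose successful response came back identical for the other user."""
    bypassed = []
    for cookie, invoice_id in requests:
        original = handler(cookie, invoice_id)
        replayed = handler(other_cookie, invoice_id)
        if original[0] == 200 and replayed == original:
            bypassed.append(invoice_id)
    return bypassed


ALICE_TRAFFIC = [("cookie-alice", 101)]  # constructed: alice reads her own invoice

if __name__ == "__main__":
    for handler in (get_invoice_vulnerable, get_invoice_hardened):
        print(handler.__name__, replay_with_other_cookie(handler, ALICE_TRAFFIC, "cookie-bob"))
```

Running the same check against your own endpoints after every access-control change turns a one-off finding into a regression test.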