Burp Suite Extension for Script based Attacks for Web Applications
Aishwarya Kore, Taniya Hinduja, Aditi Sawant, Sanika Indorkar, Sharmila K. Wagh, Siddhant Rankhambe
Abstract
Security testing has become a vital part of software development in recent times. It helps us to identify vulnerabilities and loopholes in the software system and in turn fix the errors. Mainly there are two types of testing- manual and automated. Automated testing being advantageous over manual testing uses one of the many available tools Burp Suite. Broken authentication is one of the OWASP top 10 vulnerabilities. A 2019 study found that 45 percent of webapplications had vulnerabilities relating to broken authentication. These weaknesses let attackers gain unauthorized access to accounts and ultimately carry out illegal activities such as identity theft, money laundering, fraud, or stealing confidential data. Utilizing Burp Suite as a flexible automation testing solution helps increase the efficacy and accuracy of software security testing and protect software security. This research work proposes Burp Suite extensions to automate the testing of broken authentication and make it fast and efficient. The function of the first extension will be to intercept the target HTTP/HTTPS requests and convert them into their respective CURL commands. The second extension will focus on carrying out the broken authentication attack on the target. This research study aim to propose a novel solution to reduce the time and efforts required to manually test every request in order to carry out pentestinge