Leveraging Burp Suite extensions for finding IDOR (Insecure Direct Object Reference)
IDOR is one of the most common vulnerabilities found in bug bounty programs. Let's see how to catch it easily.

What is IDOR?
If you are not familiar with IDOR, here is a quick refresher.
IDOR is a type of access control vulnerability that arises when an application uses user-supplied input (an ID, a filename, a key) directly as the reference to an internal object or resource. If a user can change that reference to point at an object they are not authorized to access, and the server does not check authorization before serving it, you have an IDOR.
Let me put it in simple words with an example.
Let's say a school system uses a student's unique number to retrieve that student's personal information. If a student supplies a different unique number and retrieves another student's information, that is an IDOR. Normally, the system limits each user's access to his/her own information; when it doesn't, an IDOR vulnerability arises. Note that making the identifiers hard to guess does not fix the problem; only a server-side authorization check does.
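The school example above as an added illustration (this is not code from the original article): the vulnerable lookup beside the fixed one. The record store, student numbers and the staff/student roles are constructed for the example.

```python
# Added example, not from the article: the student-records IDOR and its fix.
# Student numbers, records and sessions below are constructed sample data.
from dataclasses import dataclass


@dataclass(frozen=True)
class Session:
    user_id: int          # unique number of the authenticated student
    is_staff: bool = False  # staff may read any student's record


# Constructed sample data: unique number -> personal information
STUDENTS = {
    1001: {"name": "Alice", "dob": "2005-03-14", "grade": "A"},
    1002: {"name": "Bob", "dob": "2005-07-02", "grade": "B"},
}


def get_student_vulnerable(session: Session, student_id: int):
    """IDOR: the reference comes straight from user input and is used to fetch
    the record. The session is never consulted, so any student can read any
    record simply by changing student_id. Returns (status, body) like an HTTP
    handler would."""
    record = STUDENTS.get(student_id)
    if record is None:
        return 404, None
    return 200, record


def is_authorized(session: Session, student_id: int) -> bool:
    """Server-side ownership check: staff may read anything, a student may
    read only the record whose unique number matches their own session."""
    return session.is_staff or session.user_id == student_id


def get_student_fixed(session: Session, student_id: int):
    """Same lookup with the authorization check performed first. Checking
    authorization before existence avoids leaking which IDs exist."""
    if not is_authorized(session, student_id):
        return 403, None
    record = STUDENTS.get(student_id)
    if record is None:
        return 404, None
    return 200, record


def get_own_record(session: Session):
    """Alternative fix: do not accept an object reference at all and derive it
    from the session, so there is nothing for the user to tamper with."""
    return get_student_fixed(session, session.user_id)


if __name__ == "__main__":
    alice = Session(user_id=1001)
    print("vulnerable, Alice asks for 1002:", get_student_vulnerable(alice, 1002))
    print("fixed, Alice asks for 1002:     ", get_student_fixed(alice, 1002))
    print("fixed, Alice asks for herself:   ", get_own_record(alice))
```

The check is the ownership comparison in `is_authorized`; everything else is the same lookup. In a real application that comparison lives in the handler or a shared authorization layer and is applied to every object type the user can reference, not only to the one that was reported.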

Extensions for finding IDOR
Let me introduce two of the most widely used extensions for finding IDOR.
Autorize
This free Burp extension is probably the most popular tool when it comes to finding IDOR. Finding IDOR by hand is time-consuming because you have to check every resource on the site: each request made as a high-privileged user has to be repeated with the session cookie of a low-privileged user and the two responses compared. Autorize does exactly that for you.
How do you use it to find IDOR?
- First, paste the session cookie (the Cookie header) of a low-privileged/different user into the Autorize extension.
- Then browse the target site as a high-privileged user, with your browser proxied through Burp, and request as many different resources as you can.
- For every request you make as the high-privileged user, Autorize repeats the same request with the low-privileged cookie you supplied (and, if enabled, once more with no session at all) and compares the responses.
- Finally, you can check on the Autorize…
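The replay-and-compare loop that Autorize automates, written out as an added stand-alone example (this is not Autorize's code and not from the article). It runs against a simulated application so it works offline; the endpoints, cookies, the verdict names and the 0.9 body-similarity threshold are assumptions for illustration.

```python
# Added example, not Autorize's code: replay every high-privileged request with
# a low-privileged cookie (and with no cookie) and classify the responses.
# The simulated app, sessions, paths and thresholds are constructed.
from dataclasses import dataclass
import difflib


@dataclass(frozen=True)
class Request:
    method: str
    path: str
    cookie: str  # raw Cookie header value; "" means unauthenticated


@dataclass(frozen=True)
class Response:
    status: int
    body: str


# Constructed sessions: cookie -> (user, role)
SESSIONS = {
    "sid=admin-aaaa": ("admin", "admin"),
    "sid=low-bbbb": ("user42", "user"),
}


def simulated_app(req: Request) -> Response:
    """Toy server (constructed): one enforced endpoint, one per-user endpoint,
    and one endpoint with an IDOR on the invoice number."""
    who = SESSIONS.get(req.cookie)
    if who is None:
        return Response(401, "login required")
    user, role = who
    if req.path == "/admin/users":  # correctly enforced: role is checked
        if role != "admin":
            return Response(403, "forbidden")
        return Response(200, '{"users": ["admin", "user42", "user43"]}')
    if req.path == "/profile":  # fine: content depends on the session, not on input
        return Response(200, f'{{"user": "{user}"}}')
    if req.path.startswith("/api/invoice/"):  # IDOR: invoice number is trusted blindly
        invoice = req.path.rsplit("/", 1)[1]
        return Response(200, f'{{"invoice": "{invoice}", "owner": "admin", "total": 1250}}')
    return Response(404, "not found")


def similarity(a: str, b: str) -> float:
    """Body similarity in [0, 1]; 1.0 means identical."""
    return difflib.SequenceMatcher(None, a, b).ratio()


def classify(original: Response, replayed: Response, threshold: float = 0.9) -> str:
    """Assumed verdict rules, in the spirit of Autorize's Bypassed/Enforced columns:
    Enforced  - the replay was rejected outright (401/403)
    Bypassed  - same status and a near-identical body came back for the other user
    Uncertain - same status but a different body (user-specific content, soft
                error page, etc.), which needs an explicit enforcement rule"""
    if replayed.status in (401, 403):
        return "Enforced"
    if replayed.status == original.status and similarity(original.body, replayed.body) >= threshold:
        return "Bypassed"
    return "Uncertain"


def autorize_replay(requests, low_priv_cookie, send=simulated_app):
    """Replay each captured request with the low-privileged cookie and return
    (method, path, original status, replayed status, verdict) per request."""
    findings = []
    for req in requests:
        original = send(req)
        replayed = send(Request(req.method, req.path, low_priv_cookie))
        findings.append((req.method, req.path, original.status, replayed.status,
                         classify(original, replayed)))
    return findings


# Constructed "crawl" of the site performed as the high-privileged user
CRAWL = [
    Request("GET", "/admin/users", "sid=admin-aaaa"),
    Request("GET", "/profile", "sid=admin-aaaa"),
    Request("GET", "/api/invoice/7", "sid=admin-aaaa"),
]

if __name__ == "__main__":
    print("low-privileged replay:")
    for row in autorize_replay(CRAWL, "sid=low-bbbb"):
        print("  ", row)
    print("unauthenticated replay:")
    for row in autorize_replay(CRAWL, ""):
        print("  ", row)
```

The three verdicts are the point: `/admin/users` is enforced, `/api/invoice/7` is flagged as bypassed because the low-privileged user receives the admin's invoice unchanged, and `/profile` comes back Uncertain because both users get a 200 with different bodies. That last case is why Autorize has an enforcement detector you configure with a fingerprint of the "access denied" response; without it, a 200 that merely shows the other user's own data would be misread as a bypass if you only compared status codes.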