OAUTHScan is a Burp Suite Extension written in Java with the aim to provide some automatic security checks

Related tags

Security OAUTHScan
Overview

OAUTHScan

Description

OAUTHScan is a Burp Suite Extension written in Java with the aim to provide some automatic security checks, which could be useful during penetration testing on applications implementing OAUTHv2 and OpenID standards.

The plugin looks for various OAUTHv2/OpenID vulnerabilities and common misconfigurations (based on official specifications of both frameworks), many of the checks have been developed according with the following references:

Below a non-exhaustive list of the check performed by OAUTHScan:

  • Open Redirect issues on Redirect_Uri parameter
  • Authorization Code Replay issues
  • Leakage of secrets (i.e. Tokens, Codes)
  • PKCE misconfigurations
  • Nonce parameter misconfigurations
  • State parameter misconfiguration
  • Input Validation issues on Scope parameter
  • Detection of inerently insecure Flows
  • SSRF issues via Request_Uri parameter
  • Detection of Well-Known and WebFinger resources
  • And others...

Installation

After downloaded (or cloned) the OAUTHScan repository, build it using gradle, and finally import the generated 'OAUTHscan-1.0.jar' file via Burp Extender tab.

Usage

OAUTHScan is fully integrated with the Burp Scanner, after installed on Burp you have only to launch Passive or Active scans on your targeted request.

Author

  • OAUTHScan plugin was developed by Maurizio Siddu

GNU License

Copyright (c) 2022 OAUTHScan

This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program. If not, see http://www.gnu.org/licenses/

You might also like...

OACC (Object ACcess Control) is an advanced Java Application Security Framework

OACC Java Application Security Framework What is OACC? OACC - pronounced [oak] - is a fully featured API to both enforce and manage your application's

Nov 24, 2022

Spring Security

Spring Security Spring Security provides security services for the Spring IO Platform. Spring Security 5.0 requires Spring 5.0 as a minimum and also r

Jan 5, 2023

Employee Management System using Spring Boot, Spring Security, Thymeleaf and MySQL database.

Employee Management System Employee Management System using Spring Boot, Spring Security, Thymeleaf and MySQL database. YouTube Video Series Employee

Jan 1, 2023

Spring-security, swagger, db auth , RestAPI

Rest API Features Spring-security Swagger-UI DB based Authentication Role Based Access Spring AOP Steps To Use go to /login screen go to swagger-ui.ht

Mar 12, 2022

FastKV is an efficient and reliable key-value storage component written with Java.

FastKV 中文文档 FastKV is an efficient and reliable key-value storage component written with Java. It can be used on platforms with JVM environment, such

Dec 28, 2022

An API wrapper for BotiCord API written in Java

An API wrapper for BotiCord API written in Java

An API wrapper for BotiCord API written in Java

Nov 8, 2022

Java JWT: JSON Web Token for Java and Android

Java JWT: JSON Web Token for Java and Android JJWT aims to be the easiest to use and understand library for creating and verifying JSON Web Tokens (JW

Dec 30, 2022

Java Project based on Java and Encryption using Cryptography algorithms

Symmetric-Encryption-Cryptography-in-Java Java Project based on Java and Encryption using Cryptography algorithms Project Aim Develop Java program to

Feb 3, 2022

A mitigation for CVE-2021-44228 (log4shell) that works by patching the vulnerability at runtime. (Works with any vulnerable java software, tested with java 6 and newer)

Log4jPatcher A Java Agent based mitigation for Log4j2 JNDI exploits. This agent employs 2 patches: Disabling all Lookup conversions (on supported Log4

Dec 16, 2022
Comments
  • OAUTHv2 Client Credentials Flow Improper Release of Refresh Token - False Positive

    OAUTHv2 Client Credentials Flow Improper Release of Refresh Token - False Positive

    I have tested an API endpoint that only issues an access token (without a refresh token), but the extension reports such issue.

    {"access_token":"p7aj[...REDACTED...]J54hy","token_type":"bearer","expires_in":3600,"expires_at":1659972007,"scope":"...SNIP..."}

    opened by halfluke 4
  • Question regarding Active Scan

    Question regarding Active Scan

    What requests need to be Active Scanned for the checks to work ? Client, Authorization server, Protected Resource or all ? If the Authorization Server is out of scope and cannot be scanned will the plugins active scan checks still be able to test the Client or protected resource parts only ? Also what scan strategy should be used ? Create a new Live Audit Task in Burp and walk through the authentication flow as an end user ? If so can this be created as an extension only scan with oAuthScan as the only enabled ?

    Thanks

    opened by AkikoOrenji 1
Owner
Maurizio S
Maurizio S
GitHub
A library for bypassing all of Java's security mechanisms, visibility checks, and encapsulation measures via the JNI API

Narcissus: thwart strong encapsulation in JDK 16+ Narcissus is a JNI native code library that provides a small subset of the Java reflection API, whil

ToolFactory 29 Nov 3, 2022
Burp Extension for BFAC (Advanced Backup-File Artifacts Testing for Web-Applications)

BFAC - Burp Extension Burp Extension for BFAC (Advanced Backup-File Artifacts Testing for Web-Applications). What is BFAC - Burp Extension ? Backup fi

SEC-IT 18 Jul 16, 2022
Burp Active Scan extension to identify Log4j vulnerabilities CVE-2021-44228 and CVE-2021-45046

Log4j-HammerTime This Burp Suite Active Scanner extension validates exploitation of the Apache Log4j CVE-2021-44228 and CVE-2021-45046 vulnerabilities

DXC Technology - StrikeForce 8 Jan 8, 2022
A handy plugin for copying requests/responses directly from Burp, some extra magic included.

RIO BurpSuite plugin Request Input Output BurpSuite plugin A.K.A RIO - A handy plugin for copying requests/responses directly from Burp, some extra ma

Daniel Kalinowski 13 Nov 22, 2022
Spring-react-security - 🌶 Spring Security & React 🌶

Spring-react-security - ?? Spring Security & React ??

KimJunhan 2 Mar 28, 2022
shiro only provide the support of ehcache and concurrentHashMap. Here is an implement of redis cache can be used by shiro. Hope it will help you!

shiro only provide the support of ehcache and concurrentHashMap. Here is an implement of redis cache can be used by shiro. Hope it will help you!

alex 1.1k Dec 18, 2022
Examples and HowTos for BouncyCastle and Java Cryptography Extension (JCE)

CryptographicUtilities Examples and HowTos for BouncyCastle and Java Cryptography Extension (JCE) See class "/src/main/java/de/soderer/utilities/crypt

null 1 Dec 19, 2021
Copy as XMLHttpRequest BurpSuite extension

Copy as XMLHttpRequest BurpSuite extension The extension adds a context menu to BurpSuite that allows you to copy multiple requests as Javascript's Xm

Alexey Pronin 30 Dec 25, 2022
Security engine for Java (authentication, authorization, multi frameworks): OAuth, CAS, SAML, OpenID Connect, LDAP, JWT...

pac4j is an easy and powerful security engine for Java to authenticate users, get their profiles and manage authorizations in order to secure web appl

PAC4J 2.2k Dec 30, 2022
PicketLink is a security framework for securing Java EE applications.

PicketLink http://picketlink.org Java EE Application Security Identity Management Federation Social REST Security Standard-based Security This reposit

PicketLink 92 Feb 21, 2022