Semi-automated analysis tool for OAuth 2.0 and OpenID Connect 1.0 Auth. Requests.
This extension aims to support the analysis of single sign-on implementations by offering semi-automated analysis and attack capabilities for OAuth 2.0 and OpenID Connect 1.0 Auth. Requests.
Features:
• View request parameters at a glance, either via the popup or the developer tools panel.
• Hover over standardised parameters for background information about them.
• Manually modify request parameters.
• Detailed analysis of request parameters:
  • Observations: Informational findings within the Auth. Request.
  • Recommendations: Hardening measures directly identified within the current Auth. Request.
  • Attacks: Proposed further test cases that can be executed automatically with one click.
• Search history for Auth. Requests and replay them.
• Indicate with a badge if the currently visited page appears to be an Auth. Request.
• Store and reload a URL: Serves as a clipboard for one valid request, so the saved URL can be restored if an error causes a redirect.
• Manually trigger analysis.