AuRA - Auth. Request Analyser
Item logo image for AuRA - Auth. Request Analyser

AuRA - Auth. Request Analyser

security.lauritz-holtmann.de
Item media 1 screenshot

Overview

Semi-automated analysis tool for OAuth 2.0 and OpenID Connect 1.0 Auth Requests.

This extensions aims to support the analysis of single sign-on implementations, by offering semi-automated analysis and attack capabilities for OAuth 2.0 and OpenID Connect 1.0 Auth. Requests. Features: • View request parameters at a glance, either via the popup or the developer tools panel. • Hover over standardised parameters for background information about parameters. • Manually modify request parameters. • Detailed Analysis of request parameters: • Observations: Informational findings within the Auth. Request. • Recommendations: Hardening measures directly identified within the current Auth. Request. • Attacks: Proposed further test cases, can be automatically executed with one click. • Search history for Auth. Request and replay the request. • Indicate with a badge if the currently visited page appears to be an Auth. Request. • Store and reload URL: Can be used as clipboard for one valid request, restore saved URL in case an error causes a redirect. • Manually trigger analysis.

0 out of 5No ratings

Google doesn't verify reviews. Learn more about results and reviews.

Details

  • Version
    1.1
  • Updated
    March 30, 2022
  • Size
    24.22KiB
  • Languages
    English
  • Developer
    Website
    Email
    support@lauritz-holtmann.de
  • Non-trader
    This developer has not identified itself as a trader. For consumers in the European Union, please note that consumer rights do not apply to contracts between you and this developer.

Privacy

The developer has disclosed that it will not collect or use your data. To learn more, see the developer’s privacy policy.

This developer declares that your data is

  • Not being sold to third parties, outside of the approved use cases
  • Not being used or transferred for purposes that are unrelated to the item's core functionality
  • Not being used or transferred to determine creditworthiness or for lending purposes

Support

Related

Untrusted Types for DevTools

5.0(3)

Abusing Trusted Types to discover XSS sinks.

OpenID

0.0(0)

The OpenID helper enables you to login to a website without a single click.

OAuth Flows

4.1(9)

Troubleshoot Oauth and OIDC applications and decode JWT tokens

Simple OAuth2 Client

0.0(0)

A simple OAuth2 client chrome extension to get access token via authorization code flow for development usage

SAML-tracer

4.3(30)

A debugger for viewing SAML messages

SAML DevTools extension

4.3(28)

A chrome developer tools extension for viewing SAML messages in chrome

SAML, WS-Federation and OAuth 2.0 tracer

4.0(7)

Trace and decode all SAML, WS-Federation and OAuth 2.0 (OIDC) messages

retire.js

4.9(8)

Scanning website for vulnerable js libraries

Aura Tab

0.0(0)

Beautiful Browser Start Page

Azure AD App Launcher

5.0(1)

Calls the authorize endpoint with minimum required parameters and prompt=select_account.

SAML Message Decoder

4.3(31)

Collects and displays SAML messages

SAML Chrome Panel

3.9(51)

Extends the Developer Tools, adding support for SAML Requests and Responses to be displayed in the Developer Tools window

Untrusted Types for DevTools

5.0(3)

Abusing Trusted Types to discover XSS sinks.

OpenID

0.0(0)

The OpenID helper enables you to login to a website without a single click.

OAuth Flows

4.1(9)

Troubleshoot Oauth and OIDC applications and decode JWT tokens

Simple OAuth2 Client

0.0(0)

A simple OAuth2 client chrome extension to get access token via authorization code flow for development usage

SAML-tracer

4.3(30)

A debugger for viewing SAML messages

SAML DevTools extension

4.3(28)

A chrome developer tools extension for viewing SAML messages in chrome

SAML, WS-Federation and OAuth 2.0 tracer

4.0(7)

Trace and decode all SAML, WS-Federation and OAuth 2.0 (OIDC) messages

retire.js

4.9(8)

Scanning website for vulnerable js libraries

Google apps