AuRA - Auth. Request Analyser

Overview

Semi-automated analysis tool for OAuth 2.0 and OpenID Connect 1.0 Auth Requests.

This extensions aims to support the analysis of single sign-on implementations, by offering semi-automated analysis and attack capabilities for OAuth 2.0 and OpenID Connect 1.0 Auth. Requests. Features: • View request parameters at a glance, either via the popup or the developer tools panel. • Hover over standardised parameters for background information about parameters. • Manually modify request parameters. • Detailed Analysis of request parameters: • Observations: Informational findings within the Auth. Request. • Recommendations: Hardening measures directly identified within the current Auth. Request. • Attacks: Proposed further test cases, can be automatically executed with one click. • Search history for Auth. Request and replay the request. • Indicate with a badge if the currently visited page appears to be an Auth. Request. • Store and reload URL: Can be used as clipboard for one valid request, restore saved URL in case an error causes a redirect. • Manually trigger analysis.

0 out of 5
No ratings
Learn more about results and reviews.

Details

Version
1.1
Updated
March 30, 2022
Flag concern
Size
24.22KiB
Languages
English
Developer
Website
Email
support@lauritz-holtmann.de
Non-trader
This developer has not identified itself as a trader. For consumers in the European Union, please note that consumer rights do not apply to contracts between you and this developer.

Privacy

The developer has disclosed that it will not collect or use your data. To learn more, see the developer’s privacy policy.

This developer declares that your data is

Not being sold to third parties, outside of the approved use cases
Not being used or transferred for purposes that are unrelated to the item's core functionality
Not being used or transferred to determine creditworthiness or for lending purposes

Support

DOMLogger++

5.0

DOMLogger++ allows you to monitor, intercept, and debug JavaScript sinks based on customizable configurations.

SAML Tracer

4.7

Use SAML Tracer to track Security Assertion Markup Language (SAML) and WS-Federation requests and responses.

Auth Inspector (SAML & OIDC)

0.0

DevTools panel to inspect SAML Requests/Responses and OIDC tokens locally.

Simply Code Beautify

5.0

Beautify your js,css files

SAML-tracer

4.4

A debugger for viewing SAML messages

postLogger

0.0

Extension to log postMessage()

SAML Chrome Panel

3.8

Extends the Developer Tools, adding support for SAML Requests and Responses to be displayed in the Developer Tools window

OpenID Connect Helper

0.0

Automate the OpenID Connect playground

Simple OAuth2 Client

1.0

A simple OAuth2 client chrome extension to get access token via authorization code flow for development usage

Dead Domain Discovery

0.0

Scans the page for external iFrames, Scripts, and Styles, logs them to the console, and checks if their domains are resolvable.

JWT Inspector

4.6

Display JWT bearer tokens in a new tab in Chrome's Developer Tools

DotGit

4.8

An extension for checking if .git is exposed in visited websites