IDOR Scanner

IDOR Scanner is a Burp Suite extension that automates the detection of IDOR vulnerabilities in web applications.

Introduction

IDOR Scanner is a Burp Suite extension written in Python that automates the detection and enumeration of potentially vulnerable numeric fields to identify Insecure Direct Object Reference (IDOR) vulnerabilities in web applications. 🚀

Key Features:
  • Detection of Numeric Fields: Identifies numeric fields in various parts of HTTP requests, including URL paths, query parameters, and request bodies.
  • Passive Scanning: Analyzes outgoing HTTP requests and their responses to detect potential vulnerabilities without active interference.
  • Active Scanning: Modifies detected numeric fields and evaluates responses to confirm vulnerabilities.
  • Manual IDOR Scanning: Allows users to selectively test specific issues via the context menu in Burp Suite.
  • Integration with Burp Suite: Simple installation and seamless operation within the Burp Suite environment.

Benefits:
  • Automated Vulnerability Detection: Saves time and effort in identifying IDOR vulnerabilities.
  • User-Friendly Interface: Easy to use with Burp Suite's context menu integration.
  • Comprehensive Analysis: Provides detailed reports on detected issues for further investigation.

Highlights:
  • Written in Python, making it easy to modify and extend.
  • Actively maintained with contributions welcome from the community.