Skip to content

assert-security/auto-mapper

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

11 Commits
.vscode
.vscode
 
 
src
src
 
 
.gitignore
.gitignore
 
 
BappDescription.html
BappDescription.html
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
build.gradle
build.gradle
 
 
settings.gradle
settings.gradle
 
 

Repository files navigation

Auto Mapper - powered by Venari

Auto Mapper Integrates Burp with Venari to deliver fully automatic login and site mapping to Burp users. AppSec testing is raised to a new level of efficiency by starting with a detailed map of site URLs. The login is completely automatic in most cases and Session state is maintained throughout the scan. Start with a point and shoot scan and then apply all of Burp's advanced techniques on the discovered content.

In parallel with discovery, the Auto Mapper extension finds DOM XSS, CSRF and broken authentication vulnerabilities.

The full power of Burp can be applied to a detailed site-map loaded by the Auto Mapper extension.

This extension requires Venari Community Edition (or higher) Download Venari

Features

  • Automatic login using only credential information

  • Automatic site mapping via browser discovery and link spidering

  • Easy customization of discovery scope in the free Venari Community Edition UI

  • Easy customization of exploit rules in the free Venari Community Edition UI

  • Manually record workflows as needed for advanced use cases. Examples:

    • Create login workflows for cases where auto-login does not work

    • Create account with user registration workflow

  • Automatic XSS probing and fuzzing (reflected, DOM-based, stored)

  • CSRF testing

  • Broken session management testing

    • Session ID unchanged after login
    • Incomplete logout functionality
    • Credentials stored in cookie

  • Import Venari data

    • Site map from a completed job
    • All data from a completed job (site map and issues)
    • Issues for an application (aggregated from all scan jobs)

Building the extension from GitHub source code

gradle jar
  • The jar file will be written to the build/libs folder

Usage

  • The Auto Mapper extension requires Venari Community edition to be running on the same computer as Burp. Venari CE is cross-platform and can be downloaded for free. Download Venari Community Edition install it and run it.

  • Create a named application for a web site under test and provide login credentials (if applicable) using the Venari UI.

  • In the right click context menu in Burp, click 'Start Venari Scan' and select the application name created above.

  • Watch the target tab to see the sitemap details populated in real time. Issues will show up as they are found.

Tutorials

Venari CE Quick Start Guide

Auto Mapper Quick Start Video

Auto Mapper Quick Start Article

Support and Feature Requests

Support and Feature Requests

About

Burp Auto Mapper extension powered by Venari

Resources

Readme

License

MIT license
Activity

Stars

2 stars

Watchers

2 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

Languages