SulphurAPI - API Testing Burp Suite extension

Burp Suite extension for automating OWASP API Top 10 detection. Will include dedicated checks (mass assignment, authentication, authorization), OpenID Connect/OAuth2 management, and advanced OpenAPI parsing. Designed to make API security testing more reliable and compliant with BApp Store criteria. Supports Swagger/OpenAPI version 2.0 up to 3.1.1

Install Release

Check out the latest Release

Build & Run

# Clone repo
git clone https://github.com/I-TRACING-ASO/SulphurAPI.git
cd your-repo

# Build
mvn package

# Jar is located in target folder - SulphurAPI-X.X.jar

Usage

Load the extension in Burpsuite with the .jar plugin
Use the button in the extension tab top-left corner to open a swagger/openapi file (.json or .yaml) (make sure it follows the specification and has no errors)
Right-click on endpoints in endpoints list and load a specific target endpoint
Edit parameters if it has any in the value cells
Send the request (move them to repeater/intruder if you want by right-clicking on the request area field)

Name		Name	Last commit message	Last commit date
Latest commit History 8 Commits
docs		docs
src/main/java/v1/sulphurapi		src/main/java/v1/sulphurapi
target/maven-status/maven-compiler-plugin/compile/default-compile		target/maven-status/maven-compiler-plugin/compile/default-compile
README.md		README.md
pom.xml		pom.xml

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Repository files navigation

SulphurAPI - API Testing Burp Suite extension

Install Release

Build & Run

Usage

About

Uh oh!

Releases 1

Languages

I-TRACING-ASO/SulphurAPI

Folders and files

Latest commit

History

Repository files navigation

SulphurAPI - API Testing Burp Suite extension

Install Release

Build & Run

Usage

About

Topics

Resources

Uh oh!

Stars

Watchers

Forks

Releases 1

Languages