The motivation behind the Burp SessionAuth extension was to support the web application auditor in finding such cases of privilege escalation vulnerabilities. The idea is that the auditor provides some information: internal identifiers and strings which identify different users (e.g. a user's real name) or content. The extension performs the following tasks:
- Monitoring of all requests for occurrences of the given identifiers. Such requests are typical candidates for privilege escalation vulnerabilities. Even if a web application doesn't seem to be vulnerable in one part, it can still be vulnerable in other ones.
- Preparing an Intruder configuration on request of the user and implementing an Intruder payload generator which delivers the user identifiers.
- Actively scanning a suspicious request and trying to determine vulnerabilities automatically by some heuristics.
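To make the three tasks concrete, here is an added Python illustration (not the SessionAuth extension's own code; the request, the identifiers `1001`/`1002`, the response markers and all function names are constructed for this example). It locates the watched identifiers in a raw request, rebuilds the request with one identifier swapped for another user's, which is what the Intruder payload position does while the session cookie stays the same, and applies a simple response heuristic: if the reply to the swapped request carries strings belonging to the other user, the request deserves manual verification.

```python
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Constructed sample request: user 1001 fetching their own profile, with the
# identifier present in the path, in a cookie and in the form body.
SAMPLE_REQUEST = (
    "POST /api/users/1001/profile?view=full HTTP/1.1\r\n"
    "Host: example.test\r\n"
    "Cookie: session=abc123; uid=1001\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "Content-Length: 26\r\n"
    "\r\n"
    "user_id=1001&display=short"
)


def parse_request(raw):
    """Split a raw HTTP/1.1 request into (request_line, headers, body).
    headers is a list of [name, value] pairs so order and casing survive."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append([name.strip(), value.strip()])
    return lines[0], headers, body


def header(headers, name):
    """Case-insensitive header lookup; '' if absent."""
    for n, v in headers:
        if n.lower() == name.lower():
            return v
    return ""


def set_header(headers, name, value):
    for h in headers:
        if h[0].lower() == name.lower():
            h[1] = value
            return
    headers.append([name, value])


def build_request(request_line, headers, body):
    return request_line + "\r\n" + "".join(f"{n}: {v}\r\n" for n, v in headers) + "\r\n" + body


def find_identifiers(raw, identifiers):
    """Task 1: return (location, name, value) for every parameter whose value is
    one of the watched identifiers. Locations: 'path', 'query', 'cookie', 'body'."""
    request_line, headers, body = parse_request(raw)
    _method, target, _version = request_line.split(" ", 2)
    watched = set(identifiers)
    parts = urlsplit(target)
    hits = []
    for seg in parts.path.split("/"):
        if seg in watched:
            hits.append(("path", None, seg))
    for n, v in parse_qsl(parts.query, keep_blank_values=True):
        if v in watched:
            hits.append(("query", n, v))
    for item in header(headers, "cookie").split(";"):
        n, _, v = item.strip().partition("=")
        if v in watched:
            hits.append(("cookie", n, v))
    if "application/x-www-form-urlencoded" in header(headers, "content-type"):
        for n, v in parse_qsl(body, keep_blank_values=True):
            if v in watched:
                hits.append(("body", n, v))
    return hits


def swap_identifier(raw, hit, replacement):
    """Task 2: rebuild the request with the identifier at `hit` replaced, leaving
    everything else (in particular the session cookie) untouched."""
    request_line, headers, body = parse_request(raw)
    method, target, version = request_line.split(" ", 2)
    location, name, value = hit
    parts = urlsplit(target)

    def sub(pairs):
        return [(n, replacement if n == name and v == value else v) for n, v in pairs]

    if location == "path":
        parts = parts._replace(path="/".join(replacement if s == value else s
                                             for s in parts.path.split("/")))
    elif location == "query":
        parts = parts._replace(query=urlencode(sub(parse_qsl(parts.query, keep_blank_values=True))))
    elif location == "cookie":
        items = [i.strip().partition("=") for i in header(headers, "cookie").split(";")]
        set_header(headers, "Cookie", "; ".join(
            f"{n}={replacement if n == name and v == value else v}" for n, _, v in items))
    elif location == "body":
        body = urlencode(sub(parse_qsl(body, keep_blank_values=True)))
        set_header(headers, "Content-Length", str(len(body.encode())))
    return build_request(f"{method} {urlunsplit(parts)} {version}", headers, body)


def response_mentions(response_body, markers):
    """Task 3 (one possible heuristic, an assumption of this example): markers of
    the *other* user showing up in the response to a swapped request indicate a
    likely horizontal privilege escalation that should be confirmed by hand."""
    return sorted(m for m in markers if m in response_body)


if __name__ == "__main__":
    for hit in find_identifiers(SAMPLE_REQUEST, ["1001"]):
        print(hit)
        print(swap_identifier(SAMPLE_REQUEST, hit, "1002").split("\r\n")[0])
```

Running the block lists the three places where `1001` occurs and prints the request line of each swapped variant; the cookie-based variant is the one to look at most critically, since changing `uid` while keeping `session` tests whether authorisation is tied to the session or to a client-supplied identifier.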
More information here >> http://skora.net/news/24-itsec-projects/26-the-burp-sessionauth-extension