AuthKit: A Burp Suite Plugin for Automated Privilege‑Escalation Detection
AuthKit is a Burp Suite extension that expands a single request into Original, Unauthorized and multiple‑role samples to uncover unauthorized access, horizontal and vertical privilege escalation, and BOLA issues, offering passive capture, right‑click active testing, multi‑identity replay, metric dashboards, diff views, context‑menu integration, and flexible scope controls.
Tool Overview
AuthKit is a Burp Suite extension that expands a single business request into Original / Unauthorized / multi‑role comparison samples, enabling detection of unauthorized access, horizontal privilege escalation, vertical privilege escalation, and missing object‑level access control (BOLA, broken object‑level authorization).
It supports passive traffic capture and right‑click active testing, making it suitable for integration into daily Burp workflows.
Interface
Core Capabilities
Multi‑identity automatic replay: automatically generates comparison results for Original, Unauthorized, and UserA/UserB/….
Multidimensional metric display: shows Length, Status Code, Hash, AttributeNum, and Rank.
Rapid anomaly location: table diff coloring, metadata panel, and Response Diff view.
Context‑menu integration: provides Send to AuthKit and Extract Auth to User commands.
Flexible scope control: configurable Domain Scope, Request Filter, and Tool Type Scope.
Applicable Scenarios
Use Unauthorized to quickly check for unauthorized access.
Use UserA / UserB to compare horizontal privilege escalation.
Use User / Admin to compare vertical privilege escalation.
Replace parameters to verify object‑level access control for resource ID, tenant ID, user ID, etc.
Batch‑inspect high‑risk endpoints in Proxy / Repeater.
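The replay‑and‑compare workflow described in the scenarios above, as an added example that is not part of AuthKit's own code: one request is re‑sent as Original, Unauthorized (no credentials) and each configured identity, the Length / Status Code / Hash / AttributeNum metrics are computed per response, and responses identical to the Original are reported so a tester can confirm them. The target is a constructed in‑memory handler (demo_app) with a deliberately missing owner check, standing in for the application under test; the token values and paths are invented.

```python
import hashlib
import json

# Constructed stand-in for the application under test. It takes
# (method, path, headers) and returns (status, json_body). The order
# endpoint never checks that the caller owns the order (BOLA), and the
# admin listing has no authentication check at all.
def demo_app(method, path, headers):
    users = {"Bearer tokA": "userA", "Bearer tokB": "userB",
             "Bearer tokAdmin": "admin"}
    who = users.get(headers.get("Authorization", ""))
    if path.startswith("/api/orders/"):
        if who is None:
            return 401, {"error": "unauthenticated"}
        return 200, {"id": path.rsplit("/", 1)[1], "owner": "userA", "total": 42}
    if path == "/api/admin/users":
        return 200, {"users": ["userA", "userB"]}
    return 404, {"error": "not found"}

def metrics(status, body):
    # The same four signals AuthKit shows per sample: status, length,
    # hash of the canonicalised body and number of top-level attributes.
    raw = json.dumps(body, sort_keys=True).encode()
    return {"status": status, "length": len(raw),
            "hash": hashlib.sha256(raw).hexdigest(),
            "attrs": len(body) if isinstance(body, dict) else 0}

def replay(app, method, path, original_headers, identities):
    # identities: {"UserB": {...headers...}, "Admin": {...}}; the
    # Unauthorized sample is always generated by stripping all headers.
    results = {"Original": metrics(*app(method, path, original_headers)),
               "Unauthorized": metrics(*app(method, path, {}))}
    for name, hdrs in identities.items():
        results[name] = metrics(*app(method, path, hdrs))
    return results

def findings(results):
    # A sample whose status and body hash equal the Original's is a
    # candidate: for Unauthorized it means no auth check; for a peer user
    # a horizontal, and for a lower role a vertical, escalation candidate.
    base = results["Original"]
    out = []
    for name, r in results.items():
        if name == "Original":
            continue
        if r["status"] == base["status"] and r["hash"] == base["hash"]:
            out.append(f"{name}: response identical to Original on this request")
    return out
```

Run replay() on a request captured as UserA and inspect findings(); an identical Admin response to a user request is expected and not a finding, whereas an identical UserB or Unauthorized response is what the tester then verifies in the Response Diff view.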
Tool Acquisition
Repository:
https://github.com/youmulijiang/AuthKit
Black & White Path