Azure API Management Tracing Helper
Azure API Management Tracing Helper is a Burp Suite extension to aid in testing APIs hosted on the Azure API Management platform. The extension was created by an Optiv consultant after the tracing feature of Azure API Management was seen during a client assessment.
When an API is misconfigured to allow tracing by untrusted users, it provides attackers with sensitive technical details about the API and the locations of backend services. The extension automatically identifies this misconfiguration through scanner checks and displays any available trace information in a readable form inside Burp Suite during manual testing. This can help attackers identify misconfigured APIs quickly and reduce the number of steps needed to view the trace information.
Source code:
https://github.com/optiv/azure-api-management-tracing-helper
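A defender-side check for the same misconfiguration, as an added example that is not part of the extension or the original post: it reads a subscription listing exported from the API Management service and reports every subscription that has tracing enabled, live keys first. The `allowTracing`, `state`, `scope` and `ownerId` field names are assumed to match the Azure Resource Manager subscription contract, and the sample listing is constructed.

```python
import json

# Constructed sample shaped like a "list subscriptions" response for an
# API Management service. Names, scopes and owners are made up.
SAMPLE_EXPORT = json.dumps({"value": [
    {"name": "master", "properties": {"displayName": "Built-in all-access",
     "scope": "/apis", "state": "active", "allowTracing": True}},
    {"name": "partner-portal", "properties": {"displayName": "Partner portal",
     "scope": "/products/partners", "state": "active", "allowTracing": True,
     "ownerId": "/users/partner-dev"}},
    {"name": "legacy-mobile", "properties": {"displayName": "Legacy mobile app",
     "scope": "/products/mobile", "state": "suspended", "allowTracing": True,
     "ownerId": "/users/mobile-team"}},
    {"name": "internal-batch", "properties": {"displayName": "Batch jobs",
     "scope": "/apis/batch", "state": "active", "allowTracing": False,
     "ownerId": "/users/ops"}},
]})


def audit_tracing(export_json):
    """Return one finding per subscription whose key is allowed to trace."""
    findings = []
    for sub in json.loads(export_json).get("value", []):
        props = sub.get("properties", {})
        # A missing field is treated as "tracing not enabled" (assumption).
        if not props.get("allowTracing", False):
            continue
        findings.append({
            "name": sub.get("name", "<unnamed>"),
            "displayName": props.get("displayName", ""),
            "scope": props.get("scope", ""),
            "ownerId": props.get("ownerId"),  # None: no individual owner set
            # Only an active subscription has keys that work right now.
            "live": props.get("state") == "active",
        })
    # Live keys are the immediate exposure, so list them first.
    findings.sort(key=lambda f: (not f["live"], f["name"]))
    return findings


def render(findings):
    """Format findings as one review line per subscription."""
    return [
        "{:<9} {:<16} scope={:<20} owner={}".format(
            "LIVE" if f["live"] else "inactive", f["name"], f["scope"],
            f["ownerId"] or "(none)")
        for f in findings
    ]


if __name__ == "__main__":
    print("\n".join(render(audit_tracing(SAMPLE_EXPORT))))
```

Each reported subscription is a key to review: confirm that its holder is trusted to see trace output, and switch tracing off for the subscription where it is not.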
Copyright © 2021 Optiv Security Inc. All rights reserved.