Burp suite’s proxy options have an option called “Match and replace” available. This option has many rich uses that can help us automate our testing process. With some smart uses of this amazing option, we can automatically test for CSRF, IDOR, command injection,.. by just clicking around in the application! Let’s explore this magical tool and it’s many options.
Replacing authorization headers
Since authorize basically just matches the authorization headers and attempts to replace them…