AuRA - Auth. Request Analyser

This extensions aims to support the analysis of single sign-on implementations, by offering semi-automated analysis and attack capabilities for OAuth 2.0 and OpenID Connect 1.0 Auth. Requests. Features: • View request parameters at a glance, either via the popup or the developer tools panel. • Hover over standardised parameters for background information about parameters. • Manually modify request parameters. • Detailed Analysis of request parameters: • Observations: Informational findings within the Auth. Request. • Recommendations: Hardening measures directly identified within the current Auth. Request. • Attacks: Proposed further test cases, can be automatically executed with one click. • Search history for Auth. Request and replay the request. • Indicate with a badge if the currently visited page appears to be an Auth. Request. • Store and reload URL: Can be used as clipboard for one valid request, restore saved URL in case an error causes a redirect. • Manually trigger analysis.