Created
May 25, 2025 05:54
-
-
Save shariqmalik/2528ee837e005e54016be5b7a8c1a954 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // =============================== | |
| // Bambda: IDOR Keyword Highlighter with Notes | |
| // Highlights HTTP requests in ORANGE and adds a note if any IDOR-related strings are found | |
| // =============================== | |
| // List your IDOR-related keywords here | |
| String[] idorKeywords = new String[] { | |
| "user_id", "userid", "account_id", "accountid", "profile_id", "profileid", | |
| "customer_id", "custid", "uid", "id=", "user=", "account=", "member_id" | |
| }; // Modify this part according to UserID scrings | |
| // Convert the entire HTTP request to a string for searching | |
| String requestStr = requestResponse.request().toString(); | |
| // Initialize a flag to check for matches | |
| boolean found = false; | |
| // Loop through each keyword and check if it's present in the request | |
| for (String keyword : idorKeywords) { | |
| if (requestStr.contains(keyword)) { | |
| // Highlight the request in yellow | |
| requestResponse.annotations().setHighlightColor(HighlightColor.ORANGE); | |
| // Add a note for tracking | |
| requestResponse.annotations().setNotes("Possible IDOR parameter: " + keyword); | |
| found = true; | |
| break; // Stop after the first match | |
| } | |
| } | |
| // If no keyword is found, clear any previous highlight and note | |
| if (!found) { | |
| requestResponse.annotations().setHighlightColor(HighlightColor.NONE); | |
| requestResponse.annotations().setNotes(""); | |
| } | |
| // Always return true to keep all items visible in the history tab | |
| return true; |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment