Azure API Management Tracing Helper

 

Azure API Management Tracing Helper is a Burp Suite extension to aid in testing APIs hosted on the Azure API Management platform. The extension was created by an Optiv consultant after the tracing feature of Azure API Management was seen during a client assessment.

 

When an API is misconfigured to allow tracing by untrusted users, it provides attackers with sensitive technical details about the API and the locations of backend services. The extension automatically identifies this misconfiguration through scanner checks and nicely displays any available trace information inside of Burp Suite during manual testing. This can help attackers identify misconfigured APIs quickly and reduce the number of steps needed to view the trace information.

 

Source code:

https://github.com/optiv/azure-api-management-tracing-helper

Would you like to speak to an advisor?

How can we help you today?

Image
field-guide-cloud-list-image@2x.jpg
Cybersecurity Field Guide #13: A Practical Approach to Securing Your Cloud Transformation
Image
OptivCon
Register for an Upcoming OptivCon

Ready to speak to an Optiv expert to discuss your security needs?