
feat: Bambda to filter authorization values not equal to jwt bearer #61


@GangGreenTemperTatum GangGreenTemperTatum commented Feb 28, 2024

Bambda Contributions

  • [✅] Bambda has a valid header, featuring an @author annotation and suitable description
  • [✅] Bambda compiles and executes as expected
  • [✅] Only .bambda files have been added or modified (README.md files are automatically updated / generated after PR merge)

The intent of this bambda is to filter the burp suite proxy for in-scope HTTP requests that contain an Authorization HTTP header which !=null, contains "bearer" (case-insensitive) and !~"ey".

The JWT header often (not always) starts with {"alg":... , which then becomes eyJ... of course, this can be expanded to tailor other types of session-tokens etc.

The use-case for this (which I have tested and used myself) is for testing web app endpoints which use authentication, but are not validated with a traditional bearer token such as JWT (could be an API key for example), which can represent incoherence and weaknesses within endpoint security misconfigurations between the use of session-tokens and API keys for authentication.

Here's an example of my bambda in action:

image

The goal of identifying web application endpoints that use authentication but are not validated with a traditional bearer token (e.g., JWT or API key) is important for several reasons in terms of application security:

  1. Detection of Misconfigurations: Misconfigurations in authentication mechanisms can lead to security vulnerabilities. Identifying instances where authentication is in place but not correctly configured with standard bearer tokens helps in detecting potential misconfigurations that might lead to unauthorized access or other security breaches.
  2. Consistency in Security Measures: Using a consistent approach for authentication across web application endpoints is essential for maintaining a robust security posture. Incoherence in the use of different types of tokens (e.g., session tokens and API keys) can introduce confusion and weaken the overall security of the application.
  3. Prevention of Token Confusion Attacks: The goal helps in preventing token confusion attacks where an attacker exploits misconfigurations to use one type of token where another is expected. This type of attack can lead to unauthorized access or privilege escalation if not addressed.
  4. Mitigation of Security Weaknesses: Identifying and addressing security weaknesses related to token validation ensures that the authentication process is reliable and resistant to common attacks. This is crucial for protecting sensitive data, user accounts, and preventing unauthorized actions within the application.
  5. Enhancement of Overall Application Security Posture: By focusing on the specific aspect of authentication token validation, the goal contributes to an overall enhancement of the application's security posture. It allows developers and security teams to address vulnerabilities and maintain a more secure environment.
  6. Compliance with Security Best Practices: Following best practices in authentication, such as using standardized bearer tokens, is often recommended for secure web application development. Achieving the goal aligns with these best practices, ensuring that the application adheres to recognized and accepted security standards.
  7. Risk Reduction: Identifying and rectifying misconfigurations in authentication reduces the risk of unauthorized access, data breaches, and other security incidents. This proactive approach helps in minimizing the potential impact of security threats on the application and its users.
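The filter described above, written out as a proxy-history Bambda body. This is an added example, not the merged Proxy/HTTP/FilterAuthenticatedNonBearerTokens.bambda; it assumes the Bambda-provided `requestResponse` variable and the Montoya API methods `isInScope()`, `hasHeader()` and `headerValue()`, and it tightens the "does not contain ey" check to the credential prefix "eyJ" that a compact JWT header always produces.

```java
/**
 * Added example (not the merged Bambda): keeps in-scope proxy history entries whose
 * Authorization header uses the Bearer scheme but whose credential is not a JWT.
 * Assumes the proxy-history Bambda variable `requestResponse` and the Montoya API
 * methods isInScope(), hasHeader() and headerValue().
 *
 * @author example
 **/
if (!requestResponse.request().isInScope()) {
    return false;
}

// No Authorization header at all: unauthenticated, so not interesting for this filter.
if (!requestResponse.request().hasHeader("Authorization")) {
    return false;
}

String authorization = requestResponse.request().headerValue("Authorization").trim();

// The auth-scheme is case-insensitive (RFC 7235), so "bearer", "Bearer" and "BEARER" all match.
if (!authorization.toLowerCase().startsWith("bearer ")) {
    return false;
}

String credential = authorization.substring("bearer ".length()).trim();

// A compact JWT header is base64url('{"alg":...}' or '{"typ":...}'); any JSON object that
// opens with '{"' followed by a letter encodes to the prefix "eyJ". Keep only entries
// whose bearer credential lacks that prefix, i.e. API keys or opaque session tokens
// sent under the Bearer scheme.
return !credential.startsWith("eyJ");
```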


@Hannah-PortSwigger Hannah-PortSwigger left a comment


Thank you very much for your submission!

We have some feedback points for you.

Please let us know if you have any questions, or if there's anything we can help with.

Proxy/HTTP/FilterAuthenticatedNonBearerTokens.bambda
@GangGreenTemperTatum

> Thank you very much for your submission!
>
> We have some feedback points for you.
>
> Please let us know if you have any questions, or if there's anything we can help with.

Thanks @Hannah-PortSwigger! I performed individual commits to address your feedback above and tested to ensure this is working with no errors following the changes (see a few curls to an in-scope site this morning, which matches and appends these requests to my original evidence of a working bambda).

image

The only outstanding topic is within this comment, but apart from that I think we may be good to 🧻?

plmk if you need anything else, tyia!

@Hannah-PortSwigger

@GangGreenTemperTatum Thanks for taking a look! We've made some further adjustments based on the feedback to tidy up the Bambda a bit - can you check whether this still lines up with your original logic?

GangGreenTemperTatum commented Mar 1, 2024

> @GangGreenTemperTatum Thanks for taking a look! We've made some further adjustments based on the feedback to tidy up the Bambda a bit - can you check whether this still lines up with your original logic?

Hey @Hannah-PortSwigger, thanks for the constructive feedback! Yes, this still seems to align with my bambda purpose and intention. Also, to double-check, I tested again against my proxy history and it matches my intended results with no errors:

image

plmk if you need anything else, tyia!


@ps-porpoise ps-porpoise left a comment


Looks great, thanks for your submission!

@ps-porpoise ps-porpoise merged commit f3ca4d3 into PortSwigger:main Mar 1, 2024
1 check failed