SessionProbe is a multi-threaded pentesting tool designed to assist in evaluating user privileges in web applications. It takes a user's session token and checks for a list of URLs if access is possible, highlighting potential authorization issues. SessionProbe deduplicates URL lists and provides real-time logging and progress tracking.
SessionProbe is intended to be used with Burp Suite's "Copy URLs in this host" functionality in the Target tab (available in the free Community Edition).
Note: You may want to change the filter in Burps's Target tab to include files or images. Otherwise, these URLs would not be copied by "Copy URLs in this host" and would not be tested by SessionProbe.
Help is built-in!
sessionprobe --help - outputs the help.Usage:
sessionprobe [flags]
Flags:
-u, --urls string file containing the URLs to be checked (required)
-H, --headers string HTTP headers to be used in the requests in the format "Key1:Value1;Key2:Value2;..."
-h, --help help for sessionprobe
--ignore-css ignore URLs ending with .css (default true)
--ignore-js ignore URLs ending with .js (default true)
-o, --out string output file (default "output.txt")
-p, --proxy string proxy URL (default: "")
-r, --filter-regex string exclude HTTP responses using a regex. Responses whose body matches this regex will not be part of the output.
-l, --filter-lengths string exclude HTTP responses by body length. You can specify lengths separated by commas (e.g., "123,456,789").
--skip-verification skip verification of SSL certificates (default false)
-t, --threads int number of threads (default 10)
--check-all Check POST, DELETE, PUT & PATCH methods (default false)
--check-delete Check DELETE method (default false)
--check-patch Check PATCH method (default false)
--check-post Check POST method (default false)
--check-put Check PUT method (default false)
Examples:
./sessionprobe -u ./urls.txt
./sessionprobe -u ./urls.txt --out ./unauthenticated-test.txt --threads 15
./sessionprobe -u ./urls.txt -H "Cookie: .AspNetCore.Cookies=<cookie>" -o ./output.txt
./sessionprobe -u ./urls.txt -H "Authorization: Bearer <token>" --proxy http://localhost:8080
./sessionprobe -u ./urls.txt -r "Page Not Found"
./sessionprobe -u ./urls.txt -H "Cookie: .AspNetCore.Cookies=<cookie>;Cookie: <another-cookie>=<another_value>"
URLs file is.docker run -it --rm -v "$(pwd):/app/files" --name sessionprobe fw10/sessionprobe [flags]
URLs file must be in the current directory and your output file will also be in this directory.Burp listener run on all interfaces if you want to use the --proxy optiongo run . go builddocker build . -t fw10/sessionprobego test or go test -v (for more details).css, .js), and provides the lengthBurpResponses with Status Code: 200
https://example.com/<some-path> => Length: 12345
https://example.com/<some-path> => Length: 40
...
Responses with Status Code: 301
https://example.com/<some-path> => Length: 890
https://example.com/<some-path> => Length: 434
...
Responses with Status Code: 302
https://example.com/<some-path> => Length: 0
...
Responses with Status Code: 404
...
Responses with Status Code: 502
...
Releases section contains some already compiled binaries for you so that you might not have to build the tool yourselfMac releases, your Mac may throw a warning ("cannot be opened because it is from an unidentified developer")Setup)If you find a bug, please file an Issue right here in GitHub, and I will try to resolve it in a timely manner.
$ claude mcp add sessionprobe \
-- python -m otcore.mcp_server <graph>