exploiting-broken-function-level-authorization

Official

Detect and test Broken Function Level Authorization (BFLA) vulnerabilities in APIs.

Authorbalsm-health
Version1.0.0
Installs0

System Documentation

What problem does it solve?

This Skill helps identify and test Broken Function Level Authorization (BFLA) vulnerabilities in APIs, where regular users can access admin functions or endpoints without proper authorization.

Core Features & Use Cases

  • Endpoint Discovery: Identifies accessible admin endpoints using common patterns.
  • Role-Based Testing: Verifies that access controls enforce correct role-based permissions.
  • HTTP Method Manipulation: Tests if authorization depends on the HTTP method used.
  • Parameter-Based Privilege Escalation: Checks for vulnerabilities through manipulation of request parameters.
  • API Version and Path Traversal: Tests older or alternative API versions and path traversal techniques for bypassing authorization.

Quick Start

Run the agent to test BFLA vulnerabilities in your API by providing the base URL and tokens for different user roles.

Dependency Matrix

Required Modules

requests

Components

scriptsreferences

💻 Claude Code Installation

Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.

Please help me install this Skill:
Name: exploiting-broken-function-level-authorization
Download link: https://github.com/balsm-health/Balsm-AI/archive/main.zip#exploiting-broken-function-level-authorization

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
View Source Repository

Agent Skills Search Helper

Install a tiny helper to your Agent, search and equip skill from 620,000+ vetted skills library on demand.