exploiting-broken-function-level-authorization
OfficialDetect and test Broken Function Level Authorization (BFLA) vulnerabilities in APIs.
Authorbalsm-health
Version1.0.0
Installs0
System Documentation
What problem does it solve?
This Skill helps identify and test Broken Function Level Authorization (BFLA) vulnerabilities in APIs, where regular users can access admin functions or endpoints without proper authorization.
Core Features & Use Cases
- Endpoint Discovery: Identifies accessible admin endpoints using common patterns.
- Role-Based Testing: Verifies that access controls enforce correct role-based permissions.
- HTTP Method Manipulation: Tests if authorization depends on the HTTP method used.
- Parameter-Based Privilege Escalation: Checks for vulnerabilities through manipulation of request parameters.
- API Version and Path Traversal: Tests older or alternative API versions and path traversal techniques for bypassing authorization.
Quick Start
Run the agent to test BFLA vulnerabilities in your API by providing the base URL and tokens for different user roles.
Dependency Matrix
Required Modules
requests
Components
scriptsreferences
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: exploiting-broken-function-level-authorization Download link: https://github.com/balsm-health/Balsm-AI/archive/main.zip#exploiting-broken-function-level-authorization Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 620,000+ vetted skills library on demand.