
oauth-hunter


oauth-hunter is a powerful tool designed for intercepting and analyzing OAuth requests using mitmproxy.
It captures OAuth requests and performs comprehensive testing on the redirect_uri parameter, evaluating it against a variety of scenarios to identify potential vulnerabilities. This allows users to ensure the robustness of their OAuth implementations and safeguard against common security issues.
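The redirect_uri check is the part of an authorization server that such scenarios probe. The following added example (not code from oauth-hunter; all client identifiers, URLs and the permissive matcher are constructed for illustration) parses a captured authorization request the way a proxy-side filter would, then evaluates its redirect_uri under two server-side policies: a permissive subdomain-and-any-path match, shown only as the "before", and the exact-string comparison that the OAuth 2.0 Security BCP recommends.

```python
from urllib.parse import urlsplit, parse_qs, quote

# Hypothetical client registration, constructed for this example.
REGISTERED_REDIRECTS = {
    "client-123": ["https://app.example.com/oauth/callback"],
}


def parse_authorization_request(url):
    """Extract the OAuth parameters from an authorization request URL.

    Returns None when the URL is not an authorization request (no
    response_type / client_id), which is how a proxy-side filter would
    skip unrelated traffic.
    """
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    if "response_type" not in query or "client_id" not in query:
        return None
    return {name: values[0] for name, values in query.items()}


def loose_redirect_allowed(client_id, redirect_uri):
    """Weak server-side check: any subdomain of the registered host, any path.

    This is the kind of permissive matching that redirect_uri test
    scenarios are meant to expose; it is the 'before' of the fix.
    """
    host = urlsplit(redirect_uri).hostname or ""
    for registered in REGISTERED_REDIRECTS.get(client_id, []):
        reg_host = urlsplit(registered).hostname or ""
        if host == reg_host or host.endswith("." + reg_host):
            return True
    return False


def strict_redirect_allowed(client_id, redirect_uri):
    """Hardened check: exact string match against the registered URIs.

    No prefix, suffix or wildcard matching; scheme, host, path and query
    must all match. An absent redirect_uri is accepted only when exactly
    one URI is registered for the client, as RFC 6749 allows.
    """
    registered = REGISTERED_REDIRECTS.get(client_id, [])
    if redirect_uri is None:
        return len(registered) == 1
    return redirect_uri in registered


def evaluate(url):
    """Classify one captured authorization request under both checks."""
    params = parse_authorization_request(url)
    if params is None:
        return None
    client_id = params["client_id"]
    redirect_uri = params.get("redirect_uri")
    return {
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "loose_ok": redirect_uri is not None
        and loose_redirect_allowed(client_id, redirect_uri),
        "strict_ok": strict_redirect_allowed(client_id, redirect_uri),
    }


if __name__ == "__main__":
    # Constructed sample requests: the registered URI, then variants that a
    # permissive matcher accepts but an exact-match check rejects.
    base = ("https://auth.example.com/authorize?response_type=code"
            "&client_id=client-123&redirect_uri=")
    for uri in (
        "https://app.example.com/oauth/callback",
        "https://app.example.com/oauth/callback/../other",
        "https://sub.app.example.com/oauth/callback",
        "http://app.example.com/oauth/callback",
    ):
        print(evaluate(base + quote(uri, safe="")))
```

Running the script prints one dictionary per sample request; only the registered URI passes the strict check, while the permissive matcher accepts all four, which is exactly the difference a redirect_uri scenario run is meant to surface.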

In addition to its current capabilities, we are actively working on expanding the tool's functionality to include testing of the state parameter, among other enhancements.
This ongoing development aims to provide a more thorough analysis of OAuth implementations, ensuring robust security and resilience against common vulnerabilities.

The tool was published as part of the "How Secure Is Your OAuth? Insights from 100 Websites" research https://www.cyberark.com/resources/threat-research-blog/how-secure-is-your-oauth-insights-from-100-websites.


Deployment

You will need the following installed:

  • python 3.x
  • pip3

Run from source

Clone the repository:

git clone https://github.com/cyberark/oauth-hunter.git

Install the module dependencies (you may prefer to do this inside a virtual environment):

cd ./oauth-hunter
pip3 install -r requirements.txt

Run:

python3 main.py

Usage

The tool starts a proxy listening on port 1337 by default (change it with --proxy-port). Configure your browser or client to use this port as its HTTP(S) proxy so the tool can intercept and analyze the OAuth traffic.

Burp Suite Integration

For advanced usage, the tool can integrate with Burp Suite by specifying the --burp-proxy option followed by the port Burp Suite is configured to use.
This allows the tool to send test requests through the Burp Suite proxy for enhanced analysis.

Menu

usage: main.py [-h] [--create-excel [CREATE_EXCEL]] [--overwrite] [--proxy-port PROXY_PORT] [--burp-proxy [BURP_PROXY]] [--evil-domain EVIL_DOMAIN] [--yaml-scenarios YAML_SCENARIOS]

OAuth Proxy Tester

options:
  -h, --help            show this help message and exit
  --create-excel [CREATE_EXCEL]
                        Create an Excel file with the given name or use the default name.
  --overwrite           Overwrite the existing file if it exists.
  --proxy-port PROXY_PORT
                        Specify the proxy port.
  --burp-proxy [BURP_PROXY]
                        Specify the Burp proxy port. Defaults to 8080 if specified without a value.
  --evil-domain EVIL_DOMAIN
                        Specify the evil domain.
  --yaml-scenarios YAML_SCENARIOS
                        Path to YAML file with scenarios.

Display

(demo screenshot: oauth-hunter-demo)

Contributing

We welcome contributions of all kinds to this repository.
For instructions on how to get started and descriptions of our development workflows, please see our contributing guide.

Disclaimer and Warranty

This tool is intended solely for internal use within your organization for identifying potential OAuth implementation issues in environments you own or are authorized to assess.

License

Copyright (c) 2025 CyberArk Software Ltd. All rights reserved.
This repository is licensed under the Apache-2.0 License; see LICENSE for more details.

Share Your Thoughts And Feedback

For further comments, suggestions or questions, you can contact Eviatar Gerzi (@g3rzi) from CyberArk Labs. You can find more projects developed by us at https://github.com/cyberark/.