[The Burp SessionAuth] Extension for Detection of Possible Privilege escalation vulnerabilities

Normally a web application should identify a logged in user by data which is stored on the server side in some kind of session storage. However, in web application audits someone can often observe that internal user identifiers are transmitted in HTTP requests as parameters or cookies. Applicatio...