FlowMate

Have you ever wondered how to consider all input-to-output correlations of a web application during a pentest? With FlowMate, you no longer have to. FlowMate is our BurpSuite extension designed to introduce taint analysis to web applications. It achieves this by monitoring all parameters sent to a target application and identifying their appearances in the corresponding responses.

This tool operates from either a black-box or grey-box perspective, eliminating the need for any modifications to the underlying infrastructure or the application itself. Moreover, it generates a visual graph that encompasses all parameters in the background. Whenever you require more intricate insights into a specific parameter, value, or URL, you can effortlessly refer to the integrated Neo4J browser to access the graph. This can be accomplished either through a single query in the Neo4J browser or by using the provided built-in query view.

Key Features:
- Track parameter values of all applications added to the BurpSuite project scope.
- Matching of parameters can be performed live while browsing, or deferred in order to reduce load times while manually browsing the application.
- Store all data points in a local and file-based Neo4J instance.
- Integrates the Neo4J Browser directly to visualize and browse the resulting graph. No installation needed.
- Enables you to define Sessions within the plugin to ease tracking cross-session parameters.
- Performs automatic audit steps on the created graph to generate Findings with points of interest.
- Has the capability to define filters for parameters in order to reduce noise in the resulting data flow graph.