OData Explorer is a Burp Suite extension specifically designed for black-box security testing of OData services. Leveraging Service Metadata Documents, this tool automates the creation of attack templates and helps security professionals efficiently identify potential vulnerabilities in their OData implementations.
- Download Burp Suite: http://portswigger.net/burp/download.html
- Download Jython standalone JAR: http://www.jython.org/download.html
- In Burp, open Extender -> Options -> Python Environment -> Select File and choose the Jython standalone JAR
- Import odata_explorer.py into Burp extensions

OData Explorer can generate HTTP requests from Service Metadata Documents. To use this feature, copy the corresponding XML metadata document, then click the "Generate Requests" button. This produces a list of valid HTTP requests, complete with appropriate URIs, query parameters and request bodies.
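
To illustrate how request templates can be derived from a Service Metadata Document, the following is an added example, not the extension's own code. It assumes an OData v4 CSDL document; the sample metadata, the `/odata` service root, the placeholder values and the `generate_requests` function name are all constructed for the illustration.

```python
import json
import xml.etree.ElementTree as ET

EDM = "{http://docs.oasis-open.org/odata/ns/edm}"  # OData v4 CSDL namespace (assumed)

# Constructed sample metadata document (not taken from a real service).
SAMPLE_METADATA = """<edmx:Edmx Version="4.0"
    xmlns:edmx="http://docs.oasis-open.org/odata/ns/edmx">
  <edmx:DataServices>
    <Schema Namespace="Demo" xmlns="http://docs.oasis-open.org/odata/ns/edm">
      <EntityType Name="Product">
        <Key><PropertyRef Name="ID"/></Key>
        <Property Name="ID" Type="Edm.Int32" Nullable="false"/>
        <Property Name="Name" Type="Edm.String"/>
      </EntityType>
      <EntityContainer Name="Container">
        <EntitySet Name="Products" EntityType="Demo.Product"/>
      </EntityContainer>
    </Schema>
  </edmx:DataServices>
</edmx:Edmx>"""

# Placeholder value per EDM type; unknown types fall back to a string.
PLACEHOLDERS = {"Edm.Int32": 1, "Edm.Boolean": True, "Edm.String": "string"}


def key_literal(value):
    """Format a key value as an OData URL literal (strings are single-quoted)."""
    return "'%s'" % value if isinstance(value, str) else json.dumps(value)


def generate_requests(metadata_xml, service_root="/odata"):
    """Return (method, uri, body) templates for every entity set in the metadata."""
    root = ET.fromstring(metadata_xml)
    requests = []
    for schema in root.iter(EDM + "Schema"):
        ns = schema.get("Namespace")
        types = {ns + "." + t.get("Name"): t for t in schema.iter(EDM + "EntityType")}
        for entity_set in schema.iter(EDM + "EntitySet"):
            etype = types.get(entity_set.get("EntityType"))
            if etype is None:  # type declared in another schema: skipped here
                continue
            props = {p.get("Name"): PLACEHOLDERS.get(p.get("Type"), "string")
                     for p in etype.findall(EDM + "Property")}
            keys = [k.get("Name") for k in etype.iter(EDM + "PropertyRef")]
            base = service_root + "/" + entity_set.get("Name")
            key_expr = ",".join("%s=%s" % (k, key_literal(props[k])) for k in keys)
            requests.append(("GET", base, None))                       # list collection
            requests.append(("GET", "%s(%s)" % (base, key_expr), None))  # read by key
            requests.append(("POST", base, json.dumps(props, sort_keys=True)))  # create
    return requests
```

The returned list doubles as an inventory of the surface a service advertises through its metadata, which is useful when reviewing which entity sets should be reachable at all.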