ACMate is a framework for testing and reverse-engineering access control (AC) policies. It is developed by the SVV Laboratory, SnT, University of Luxembourg.

Here you can download the light weight version of the ACMate tool with the basic functions for access control testing.

ACMate-Lite is a Java-based extension module for Burp Suite (http://protswigger.net/burp/) that can be loaded and run seamlessly with Burp Suite proxy and spider. ACMate-Lite provides hand-on testing functions to support the Web application developers to test the access control implemented in their web-based products. ACMate-Lite contains the following key components:

• Mining input specification from logs
• Smartly generating AC requests using pairwise combination strategy
• Executing AC tests, taking into account contextual parameters

You can download the binary file here.

... or from source:

git clone https://github.com/lehathanh/acmate.git

and build the binary file in Eclipse using Ant.

ACMate-Lite works as an extension in Burp Suite. Please refer to this instruction for its installation.

User guide is available here.