Fi8sVrs

SAML Raider - SAML2 Burp Extension


Description

SAML Raider is a Burp Suite extension for testing SAML infrastructures. It contains two core functionalities: manipulating SAML messages and managing X.509 certificates.

This software was created by Roland Bischofberger and Emanuel Duss during a bachelor thesis at the Hochschule für Technik Rapperswil (HSR). Our project partner and advisor was Compass Security Schweiz AG. We thank Compass for the nice collaboration and support during our bachelor thesis.

 

Features

The extension is divided into two parts: a SAML message editor and a certificate management tool.

 

Message Editor

Features of the SAML Raider message editor:

  • Sign SAML Messages
  • Sign SAML Assertions
  • Remove Signatures
  • Edit SAML Message (Supported Messages: SAMLRequest and SAMLResponse)
  • Preview eight common XSW Attacks
  • Execute eight common XSW Attacks
  • Send certificate to SAML Raider Certificate Management
  • Undo all changes of a SAML Message
  • Supported Profiles: SAML Web Browser Single Sign-On Profile, Web Services Security SAML Token Profile
  • Supported Bindings: POST Binding, Redirect Binding, SOAP Binding, URI Binding
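As an added example (not part of the original post and not SAML Raider's own code), here is the defensive counterpart to the XSW preview/execute features listed above: the structural pre-checks a service provider can run on a SAML Response before cryptographic signature verification, rejecting the shapes that signature wrapping relies on (extra assertions, a signature that does not sit inside the assertion it covers, a Reference URI pointing elsewhere, duplicate IDs). The namespaces are the standard SAML 2.0 and XML-DSig ones; the sample responses, IDs and placeholder signature values are constructed for this example.

```python
"""
Structural pre-checks for XML Signature Wrapping (XSW) on a SAML 2.0 Response.

Added example, not SAML Raider code. These checks run BEFORE cryptographic
signature verification (which needs an xmlsec-style library and is out of
scope here) and reject responses whose shape is not "one assertion, one
enveloped signature that references exactly that assertion".
"""
import xml.etree.ElementTree as ET  # in production, parse with defusedxml instead

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
ASSERTION_TAG = "{%s}Assertion" % NS["saml"]
SIGNATURE_TAG = "{%s}Signature" % NS["ds"]


def xsw_structural_problems(xml_text):
    """Return a list of findings; an empty list means the structure is sane
    (the signature value itself still has to be verified cryptographically)."""
    findings = []
    root = ET.fromstring(xml_text)

    # 1. Exactly one Assertion anywhere in the tree. Wrapping attacks add a
    #    second (unsigned) assertion and rely on the consumer picking it.
    assertions = list(root.iter(ASSERTION_TAG))
    if len(assertions) != 1:
        findings.append("expected exactly 1 Assertion, found %d" % len(assertions))
        return findings
    assertion = assertions[0]
    assertion_id = assertion.get("ID")

    # 2. The Assertion must carry exactly one Signature as a direct child
    #    (enveloped signature); a signature living elsewhere is a red flag.
    direct_sigs = [child for child in assertion if child.tag == SIGNATURE_TAG]
    if len(direct_sigs) != 1:
        findings.append("Assertion must have exactly 1 direct ds:Signature child, found %d"
                        % len(direct_sigs))
        return findings

    # 3. That Signature must hold one Reference whose URI is "#<Assertion ID>",
    #    so the signed bytes are the assertion the consumer will act on.
    refs = direct_sigs[0].findall("ds:SignedInfo/ds:Reference", NS)
    if len(refs) != 1:
        findings.append("expected exactly 1 ds:Reference, found %d" % len(refs))
    else:
        uri = refs[0].get("URI", "")
        if assertion_id is None or uri != "#" + assertion_id:
            findings.append("Reference URI %r does not point at Assertion ID %r"
                            % (uri, assertion_id))

    # 4. No stray Signature elements anywhere else in the document.
    if len(list(root.iter(SIGNATURE_TAG))) != 1:
        findings.append("more than one ds:Signature element in document")

    # 5. ID values must be unique, otherwise "#id" can resolve to the wrong element.
    ids = [e.get("ID") for e in root.iter() if e.get("ID") is not None]
    if len(ids) != len(set(ids)):
        findings.append("duplicate ID attribute values")

    return findings


# Constructed sample responses (placeholder signature values, no real crypto).
_HEAD = ('<samlp:Response xmlns:samlp="%s" xmlns:saml="%s" xmlns:ds="%s" ID="_resp">'
         % (NS["samlp"], NS["saml"], NS["ds"]))


def _signed_assertion(aid, name):
    return ('<saml:Assertion ID="%s"><saml:Issuer>https://idp.example.test</saml:Issuer>'
            '<ds:Signature><ds:SignedInfo><ds:Reference URI="#%s"/></ds:SignedInfo>'
            '<ds:SignatureValue>placeholder</ds:SignatureValue></ds:Signature>'
            '<saml:Subject><saml:NameID>%s</saml:NameID></saml:Subject></saml:Assertion>'
            % (aid, aid, name))


def _unsigned_assertion(aid, name):
    return ('<saml:Assertion ID="%s"><saml:Subject><saml:NameID>%s</saml:NameID>'
            '</saml:Subject></saml:Assertion>' % (aid, name))


CLEAN_RESPONSE = _HEAD + _signed_assertion("_a1", "alice") + "</samlp:Response>"
# A second, unsigned assertion next to the signed one: the classic wrapping shape.
WRAPPED_RESPONSE = (_HEAD + _unsigned_assertion("_a2", "admin")
                    + _signed_assertion("_a1", "alice") + "</samlp:Response>")
# Signature moved out of the Assertion up to the Response level.
DETACHED_SIG_RESPONSE = (_HEAD + '<ds:Signature><ds:SignedInfo><ds:Reference URI="#_a1"/>'
                         '</ds:SignedInfo></ds:Signature>'
                         + _unsigned_assertion("_a1", "alice") + "</samlp:Response>")

if __name__ == "__main__":
    for label, doc in [("clean", CLEAN_RESPONSE), ("wrapped", WRAPPED_RESPONSE),
                       ("detached", DETACHED_SIG_RESPONSE)]:
        print(label, xsw_structural_problems(doc) or "OK")
```

The checks deliberately stop at the first structural failure: once the document has two assertions there is no point reasoning about which one the signature covers. Passing these checks is necessary but not sufficient; the consumer must still verify the signature value with a proper XML-DSig library and then read claims only from the element the verified Reference resolved to, never from a separate lookup by tag name.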

[Image: message_editor.png]

 

Certificate Management

Features of the SAML Raider Certificate Management:

  • Import X.509 certificates (PEM and DER format)
  • Import X.509 certificate chains
  • Export X.509 certificates (PEM format)
  • Delete imported X.509 certificates
  • Display information about X.509 certificates
  • Import private keys (PKCS#8 in DER format and traditional RSA in PEM format)
  • Export private keys (traditional RSA key PEM format)
  • Cloning X.509 certificates
  • Cloning X.509 certificate chains
  • Create new X.509 certificates
  • Edit and self-sign existing X.509 certificates

[Image: certificate_management.png]

 

Download: saml-raider-1.2.1.jar

Installation: https://github.com/SAMLRaider/SAMLRaider#installation

Source: https://github.com/SAMLRaider/SAMLRaider


1 minute ago, fbob said:

Interesting, but it needs reviewing. We know you're dangerous with scripts picked up at random without having a clue what they do :)

The plugin is in the BApp Store, so it has been validated by the Burp people. It can be downloaded directly from there. If not, the source is available for inspection. Anyway, the plugin is very good; it saves you a lot of manual work.
