Support For XXE Attacks In SAML In Our Burp Suite Extension

In this post we present the new version of the Burp Suite extension EsPReSSO - Extension for Processing and Recognition of Single Sign-On Protocols. A DTD attacker was implemented on SAML services that was based on the DTD Cheat Sheet by the Chair for Network and Data Security (https://web-in-security.blogspot.de/2016/03/xxe-cheat-sheet.html). In addition, many fixes were added and a new SAML editor was merged. You can find the newest version release here: https://github.com/RUB-NDS/BurpSSOExtension/releases/tag/v3.1

New SAML editor

Before the new release, EsPReSSO had a simple SAML editor where the decoded SAML messages could be modified by the user. We extended the SAML editor so that the user has the possibility to define the encoding of the SAML message and to select their HTTP binding (HTTP-GET or HTTP-POST).

Redesigned SAML Encoder/Decoder

Enhancement of the SAML attacker

XML Signature Wrapping and XML Signature Faking attacks have already been part of the previous EsPReSSO version. Now the user can also perform DTD attacks! The user can select from 18 different attack vectors and manually refine them all before applying the change to the original message. Additional attack vectors can also be added by extending the XML config file of the DTD attacker.
The DTD attacker can also be started in a fully automated mode. This functionality is integrated in the BurpSuite Intruder.

DTD Attacker for SAML messages

Supporting further attacks

We implemented a CertificateViewer which extracts and decodes the certificates contained within the SAML tokens. In addition, a user interface for executing SignatureExclusion attack on SAML has been implemented.

Additional functions will follow in later versions.

Currently we are working on XML Encryption attacks.

This is a combined work from Nurullah Erinola, Nils Engelbertz, David Herring, Juraj Somorovsky, and Vladislav Mladenov.

The research was supported by the European Commission through the FutureTrust project (grant 700542-Future-Trust-H2020-DS-2015-1).

Related posts

1. Hacking Tools For Mac
2. Hack And Tools
3. Easy Hack Tools
4. Beginner Hacker Tools
5. Best Hacking Tools 2019
6. Pentest Tools Website
7. Hack Tools For Windows
8. Pentest Recon Tools
9. Hack Apps
10. Ethical Hacker Tools
11. Best Hacking Tools 2019
12. Hacker Tools List
13. New Hacker Tools
14. Hacker Tools For Windows
15. Hacker Tools For Pc
16. Pentest Tools Find Subdomains
17. Hacking Tools Hardware
18. Hacking Tools Windows
19. Hacker Tools For Mac
20. Pentest Tools Review
21. Pentest Tools Download
22. Hacker Tools Apk Download
23. Pentest Tools Bluekeep
24. Best Hacking Tools 2020
25. Beginner Hacker Tools
26. Hacker Hardware Tools
27. Underground Hacker Sites
28. Hacking Tools Mac
29. How To Make Hacking Tools
30. Hacking Tools For Beginners
31. Hacking Tools For Kali Linux
32. Hacking Tools Free Download
33. Hack Tools Online
34. Nsa Hack Tools
35. Pentest Tools Download
36. Pentest Tools For Android
37. Hacking Tools Software
38. Hack Tools 2019
39. Pentest Tools Bluekeep
40. Hacker Tools 2019
41. Pentest Tools For Android
42. Hack Tools For Windows
43. Hack Tools For Ubuntu
44. Hacker Tools For Pc
45. Hack Tools For Games
46. Beginner Hacker Tools
47. Hacking Tools 2020
48. Pentest Tools Open Source
49. Hacker Tools 2019
50. Hacking Tools Mac
51. Pentest Tools For Windows
52. Pentest Tools Online
53. Pentest Tools For Ubuntu
54. Hak5 Tools
55. Pentest Tools Website
56. Hacking Tools Windows 10
57. Hack Tools Github
58. Hack Apps
59. Pentest Tools List
60. Tools Used For Hacking
61. Hacking Tools 2019
62. Github Hacking Tools
63. Pentest Tools Review
64. Hacker Tools List
65. Best Hacking Tools 2020
66. How To Hack
67. Hack Tools Pc
68. Pentest Tools
69. Game Hacking
70. Hacking Apps
71. Hack Apps
72. Hacker
73. Hack Tools 2019
74. Hack Tools For Mac
75. Hacking App
76. Hacking Tools Free Download
77. Hacker Tools For Windows
78. Hacking Tools
79. Hack App
80. World No 1 Hacker Software
81. Beginner Hacker Tools
82. Hacker Tools For Windows
83. Nsa Hack Tools Download
84. What Is Hacking Tools
85. Hacking Apps
86. Hacking Tools For Kali Linux
87. Pentest Tools Apk
88. Install Pentest Tools Ubuntu
89. Pentest Tools Subdomain
90. Best Pentesting Tools 2018
91. New Hack Tools
92. Hack Website Online Tool
93. Hacking Tools For Pc
94. How To Install Pentest Tools In Ubuntu
95. Hacking Tools For Beginners
96. Hack And Tools
97. Hack Tools 2019
98. Hack Tools For Mac
99. Hacker Tools Mac
100. Pentest Automation Tools
101. Nsa Hack Tools
102. Growth Hacker Tools
103. Hacking Tools For Windows 7
104. Hacker Tools Free Download
105. Hack Tools 2019
106. Kik Hack Tools
107. Hacking App
108. Pentest Tools Bluekeep
109. Termux Hacking Tools 2019
110. Pentest Tools Subdomain
111. Pentest Tools For Windows
112. Pentest Automation Tools
113. Hacking Apps
114. Hacker Tools For Ios
115. Game Hacking
116. Hacker Tools
117. Pentest Tools Website Vulnerability
118. Hack Tools For Pc
119. Tools For Hacker
120. Beginner Hacker Tools
121. Pentest Tools Windows
122. Android Hack Tools Github
123. Pentest Tools Framework
124. How To Make Hacking Tools
125. Pentest Tools Bluekeep
126. Tools Used For Hacking
127. Android Hack Tools Github
128. Pentest Tools Website Vulnerability
129. Pentest Box Tools Download
130. Pentest Tools For Windows
131. Hacking Tools Windows
132. Pentest Automation Tools
133. Hacks And Tools
134. Pentest Tools Android
135. Hack Website Online Tool
136. Hacker Techniques Tools And Incident Handling
137. Hacking Tools Download
138. Hacker Tools Mac
139. Hacker Tools Mac
140. Hacker Tools For Ios
141. Pentest Tools Nmap
142. Pentest Tools List
143. Hacker Tools Windows
144. Pentest Recon Tools
145. Hacking Apps
146. Hacker Tools 2020
147. Hack Tools For Ubuntu
148. Pentest Tools Windows