Support For XXE Attacks In SAML In Our Burp Suite Extension

In this post we present the new version of the Burp Suite extension EsPReSSO - Extension for Processing and Recognition of Single Sign-On Protocols. A DTD attacker was implemented on SAML services that was based on the DTD Cheat Sheet by the Chair for Network and Data Security (https://web-in-security.blogspot.de/2016/03/xxe-cheat-sheet.html). In addition, many fixes were added and a new SAML editor was merged. You can find the newest version release here: https://github.com/RUB-NDS/BurpSSOExtension/releases/tag/v3.1

New SAML editor

Before the new release, EsPReSSO had a simple SAML editor where the decoded SAML messages could be modified by the user. We extended the SAML editor so that the user has the possibility to define the encoding of the SAML message and to select their HTTP binding (HTTP-GET or HTTP-POST).

Redesigned SAML Encoder/Decoder

Enhancement of the SAML attacker

XML Signature Wrapping and XML Signature Faking attacks have already been part of the previous EsPReSSO version. Now the user can also perform DTD attacks! The user can select from 18 different attack vectors and manually refine them all before applying the change to the original message. Additional attack vectors can also be added by extending the XML config file of the DTD attacker.
The DTD attacker can also be started in a fully automated mode. This functionality is integrated in the BurpSuite Intruder.

DTD Attacker for SAML messages

Supporting further attacks

We implemented a CertificateViewer which extracts and decodes the certificates contained within the SAML tokens. In addition, a user interface for executing SignatureExclusion attack on SAML has been implemented.

Additional functions will follow in later versions.

Currently we are working on XML Encryption attacks.

This is a combined work from Nurullah Erinola, Nils Engelbertz, David Herring, Juraj Somorovsky, and Vladislav Mladenov.

The research was supported by the European Commission through the FutureTrust project (grant 700542-Future-Trust-H2020-DS-2015-1).

Continue reading

1. Tools For Hacker
2. Pentest Tools Framework
3. Hacking Tools 2019
4. Pentest Tools Framework
5. Pentest Tools Review
6. Usb Pentest Tools
7. Bluetooth Hacking Tools Kali
8. Hack App
9. Pentest Tools For Windows
10. Hack Tools
11. Pentest Tools Review
12. Best Hacking Tools 2020
13. Android Hack Tools Github
14. Hacker
15. Hack And Tools
16. Hacker Tools Apk Download
17. Hacker Tools Free
18. Pentest Tools Nmap
19. How To Hack
20. Hack Website Online Tool
21. Hacker Hardware Tools
22. Hacker Hardware Tools
23. Hack Tools Github
24. Usb Pentest Tools
25. Pentest Tools For Windows
26. Nsa Hacker Tools
27. Pentest Tools Website
28. Hacker Search Tools
29. Hacker Tools
30. Hacking Tools Mac
31. Nsa Hacker Tools
32. Pentest Tools For Windows
33. Hacker Tools For Mac
34. Ethical Hacker Tools
35. Pentest Tools Alternative
36. What Is Hacking Tools
37. Hacking Tools Download
38. Github Hacking Tools
39. Pentest Tools For Ubuntu
40. Hacker Tools Free Download
41. Wifi Hacker Tools For Windows
42. Hacker Tools For Mac
43. Hack Tool Apk
44. Pentest Tools Download
45. Nsa Hack Tools
46. Hacker Hardware Tools
47. Underground Hacker Sites
48. Blackhat Hacker Tools
49. Growth Hacker Tools
50. Nsa Hack Tools Download
51. Hacking Tools Online
52. Hack Tools
53. Pentest Tools
54. How To Hack
55. Pentest Tools Nmap
56. Bluetooth Hacking Tools Kali
57. Hacker Tools Mac
58. What Is Hacking Tools
59. Hacking Tools Pc
60. Hacker Search Tools
61. How To Make Hacking Tools
62. Hack Tools For Pc
63. Hackers Toolbox
64. Hacking Tools And Software
65. Hack Tools Mac
66. Blackhat Hacker Tools
67. Wifi Hacker Tools For Windows
68. Hacker Tools For Mac
69. Hack Tools For Pc
70. Pentest Tools Url Fuzzer
71. New Hacker Tools
72. Hacker
73. Best Hacking Tools 2020