Support For XXE Attacks In SAML In Our Burp Suite Extension

In this post we present the new version of the Burp Suite extension EsPReSSO - Extension for Processing and Recognition of Single Sign-On Protocols. A DTD attacker was implemented on SAML services that was based on the DTD Cheat Sheet by the Chair for Network and Data Security (https://web-in-security.blogspot.de/2016/03/xxe-cheat-sheet.html). In addition, many fixes were added and a new SAML editor was merged. You can find the newest version release here: https://github.com/RUB-NDS/BurpSSOExtension/releases/tag/v3.1

New SAML editor

Before the new release, EsPReSSO had a simple SAML editor where the decoded SAML messages could be modified by the user. We extended the SAML editor so that the user has the possibility to define the encoding of the SAML message and to select their HTTP binding (HTTP-GET or HTTP-POST).

Redesigned SAML Encoder/Decoder

Enhancement of the SAML attacker

XML Signature Wrapping and XML Signature Faking attacks have already been part of the previous EsPReSSO version. Now the user can also perform DTD attacks! The user can select from 18 different attack vectors and manually refine them all before applying the change to the original message. Additional attack vectors can also be added by extending the XML config file of the DTD attacker.
The DTD attacker can also be started in a fully automated mode. This functionality is integrated in the BurpSuite Intruder.

DTD Attacker for SAML messages

Supporting further attacks

We implemented a CertificateViewer which extracts and decodes the certificates contained within the SAML tokens. In addition, a user interface for executing SignatureExclusion attack on SAML has been implemented.

Additional functions will follow in later versions.

Currently we are working on XML Encryption attacks.

This is a combined work from Nurullah Erinola, Nils Engelbertz, David Herring, Juraj Somorovsky, and Vladislav Mladenov.

The research was supported by the European Commission through the FutureTrust project (grant 700542-Future-Trust-H2020-DS-2015-1).

Continue reading

1. Pentest Tools Subdomain
2. Hacking Tools 2020
3. Hacking App
4. Bluetooth Hacking Tools Kali
5. Hack Tools 2019
6. Hack App
7. Hacker Tools 2019
8. Hack Tools For Games
9. Free Pentest Tools For Windows
10. Bluetooth Hacking Tools Kali
11. Pentest Tools Port Scanner
12. Hacker Hardware Tools
13. Pentest Tools Framework
14. Hacker Tools For Windows
15. Hacker Tools Free Download
16. Hacking Tools For Games
17. Hacks And Tools
18. Hacker Tools Apk Download
19. Hack And Tools
20. Hack Tools Download
21. Hack Tools Github
22. Hack App
23. Hacker Tools Github
24. Pentest Tools Online
25. Pentest Box Tools Download
26. Hacker Tools
27. Best Pentesting Tools 2018
28. Pentest Tools Subdomain
29. Hack Tools For Games
30. Pentest Tools Website Vulnerability
31. Pentest Recon Tools
32. Hack Tools For Games
33. Pentest Tools Subdomain
34. Hacking Tools Usb
35. Ethical Hacker Tools
36. Usb Pentest Tools
37. Hacker Tools Hardware
38. Kik Hack Tools
39. Hacker Tools Github
40. Hacking Tools Usb
41. Hacking Tools For Pc
42. Hackers Toolbox
43. Hacking Tools Mac
44. How To Install Pentest Tools In Ubuntu
45. Pentest Tools For Android
46. Hack Tool Apk No Root
47. Growth Hacker Tools
48. Hacker Tools Github
49. Hacking Tools Mac
50. What Are Hacking Tools
51. Hack Tools
52. Hacker Search Tools
53. Pentest Tools For Mac
54. Hacking Tools For Mac
55. Hack Tools Mac
56. Hacking Tools Software
57. Hacker Tools Online
58. Hacker Tools For Pc
59. Hacking Tools Kit
60. Nsa Hack Tools
61. Hacks And Tools
62. Hacker Tools
63. Github Hacking Tools
64. Hack Tools For Pc
65. How To Install Pentest Tools In Ubuntu
66. Hack Tools 2019
67. Install Pentest Tools Ubuntu
68. Hack Tools For Mac
69. Kik Hack Tools
70. Hacker Tools Apk Download
71. Hacking Tools For Games
72. Hack Tools For Pc
73. Hacks And Tools
74. Hack Tools Online