Support For XXE Attacks In SAML In Our Burp Suite Extension

In this post we present the new version of the Burp Suite extension EsPReSSO - Extension for Processing and Recognition of Single Sign-On Protocols. A DTD attacker was implemented on SAML services that was based on the DTD Cheat Sheet by the Chair for Network and Data Security (https://web-in-security.blogspot.de/2016/03/xxe-cheat-sheet.html). In addition, many fixes were added and a new SAML editor was merged. You can find the newest version release here: https://github.com/RUB-NDS/BurpSSOExtension/releases/tag/v3.1

New SAML editor

Before the new release, EsPReSSO had a simple SAML editor where the decoded SAML messages could be modified by the user. We extended the SAML editor so that the user has the possibility to define the encoding of the SAML message and to select their HTTP binding (HTTP-GET or HTTP-POST).

Redesigned SAML Encoder/Decoder

Enhancement of the SAML attacker

XML Signature Wrapping and XML Signature Faking attacks have already been part of the previous EsPReSSO version. Now the user can also perform DTD attacks! The user can select from 18 different attack vectors and manually refine them all before applying the change to the original message. Additional attack vectors can also be added by extending the XML config file of the DTD attacker.
The DTD attacker can also be started in a fully automated mode. This functionality is integrated in the BurpSuite Intruder.

DTD Attacker for SAML messages

Supporting further attacks

We implemented a CertificateViewer which extracts and decodes the certificates contained within the SAML tokens. In addition, a user interface for executing SignatureExclusion attack on SAML has been implemented.

Additional functions will follow in later versions.

Currently we are working on XML Encryption attacks.

This is a combined work from Nurullah Erinola, Nils Engelbertz, David Herring, Juraj Somorovsky, and Vladislav Mladenov.

The research was supported by the European Commission through the FutureTrust project (grant 700542-Future-Trust-H2020-DS-2015-1).

Continue reading

1. Pentest Tools
2. Ethical Hacker Tools
3. Hacker Tools Free
4. Hack Tools 2019
5. Kik Hack Tools
6. Physical Pentest Tools
7. Github Hacking Tools
8. Pentest Tools Apk
9. Pentest Tools For Ubuntu
10. Hacker Tools List
11. Hack Rom Tools
12. Hacking Tools Hardware
13. Hak5 Tools
14. Pentest Tools Free
15. Hacking Tools 2019
16. Hacker Tools 2020
17. Hacker Tools For Pc
18. Hacker Tools For Pc
19. Hacking Tools For Mac
20. Pentest Tools List
21. Hacker Tools For Ios
22. Pentest Reporting Tools
23. Hacking Tools Pc
24. Beginner Hacker Tools
25. Hacking Tools Download
26. Hacking Tools Github
27. Pentest Tools For Android
28. Hackers Toolbox
29. Hacking Tools Hardware
30. Wifi Hacker Tools For Windows
31. Hacker Tools Free
32. Physical Pentest Tools
33. Pentest Tools Apk
34. Hacker Tools Free Download
35. Hackers Toolbox
36. Hacker Tools Github
37. Hacking Tools For Windows Free Download
38. Hak5 Tools
39. Hack Website Online Tool
40. Pentest Tools Free
41. Top Pentest Tools
42. Hack Tools For Ubuntu
43. Best Hacking Tools 2020
44. World No 1 Hacker Software
45. Hacker Tools Online
46. Hacker Tools Free Download
47. Hacking Tools For Windows
48. Growth Hacker Tools
49. Tools 4 Hack
50. Hack Website Online Tool
51. Hack Tools Mac
52. Hacking Tools For Pc
53. Hacker Tool Kit
54. Hack Tools For Mac
55. Game Hacking
56. Hacker Tools Free
57. How To Install Pentest Tools In Ubuntu
58. Game Hacking
59. Blackhat Hacker Tools
60. Hack Tools 2019
61. Hacking Tools Hardware
62. Hacking Tools For Pc
63. Hacks And Tools
64. Pentest Tools Alternative
65. Ethical Hacker Tools
66. Tools For Hacker
67. Hacker Tools
68. Pentest Tools
69. Hack Tools For Games
70. Hacker Tools Github
71. Hacking Tools Mac
72. Hack And Tools
73. Hack Apps
74. Game Hacking
75. How To Install Pentest Tools In Ubuntu
76. Hacking Tools 2019
77. Pentest Tools Bluekeep
78. Beginner Hacker Tools
79. Pentest Tools For Android
80. Beginner Hacker Tools
81. Hacker Tools Apk