Support For XXE Attacks In SAML In Our Burp Suite Extension

In this post we present the new version of the Burp Suite extension EsPReSSO - Extension for Processing and Recognition of Single Sign-On Protocols. A DTD attacker was implemented on SAML services that was based on the DTD Cheat Sheet by the Chair for Network and Data Security (https://web-in-security.blogspot.de/2016/03/xxe-cheat-sheet.html). In addition, many fixes were added and a new SAML editor was merged. You can find the newest version release here: https://github.com/RUB-NDS/BurpSSOExtension/releases/tag/v3.1

New SAML editor

Before the new release, EsPReSSO had a simple SAML editor where the decoded SAML messages could be modified by the user. We extended the SAML editor so that the user has the possibility to define the encoding of the SAML message and to select their HTTP binding (HTTP-GET or HTTP-POST).

Redesigned SAML Encoder/Decoder

Enhancement of the SAML attacker

XML Signature Wrapping and XML Signature Faking attacks have already been part of the previous EsPReSSO version. Now the user can also perform DTD attacks! The user can select from 18 different attack vectors and manually refine them all before applying the change to the original message. Additional attack vectors can also be added by extending the XML config file of the DTD attacker.
The DTD attacker can also be started in a fully automated mode. This functionality is integrated in the BurpSuite Intruder.

DTD Attacker for SAML messages

Supporting further attacks

We implemented a CertificateViewer which extracts and decodes the certificates contained within the SAML tokens. In addition, a user interface for executing SignatureExclusion attack on SAML has been implemented.

Additional functions will follow in later versions.

Currently we are working on XML Encryption attacks.

This is a combined work from Nurullah Erinola, Nils Engelbertz, David Herring, Juraj Somorovsky, and Vladislav Mladenov.

The research was supported by the European Commission through the FutureTrust project (grant 700542-Future-Trust-H2020-DS-2015-1).

More information

1. Pentest Tools
2. Hacking Tools Kit
3. Hacking Tools Pc
4. Hacking Tools Windows 10
5. Blackhat Hacker Tools
6. Pentest Tools Apk
7. Hack Tools Mac
8. Hacker Tools For Mac
9. Hak5 Tools
10. Pentest Tools Online
11. Pentest Tools Subdomain
12. Game Hacking
13. Hackers Toolbox
14. Pentest Automation Tools
15. Pentest Reporting Tools
16. Hacker Tools Mac
17. Pentest Tools For Ubuntu
18. Hacker Tools Free Download
19. Hacking Tools Windows
20. Growth Hacker Tools
21. Hacking Tools Software
22. Pentest Tools Free
23. Hack Tool Apk No Root
24. Hack And Tools
25. Wifi Hacker Tools For Windows
26. Pentest Tools Linux
27. Hack Apps
28. Hack Tools
29. Hacker Tools
30. Pentest Recon Tools
31. Pentest Tools Nmap
32. Nsa Hacker Tools
33. Hacker Search Tools
34. Android Hack Tools Github
35. How To Hack
36. Hacker Tools Free
37. How To Install Pentest Tools In Ubuntu
38. Physical Pentest Tools
39. Hacking Tools For Kali Linux
40. Hack And Tools
41. Hacker Tools Linux
42. Pentest Tools Linux
43. Pentest Tools Online
44. Pentest Tools Apk
45. Hacks And Tools
46. Blackhat Hacker Tools
47. Pentest Tools Url Fuzzer
48. Hacking Tools Windows
49. Pentest Tools Website
50. Hacker Tools
51. Hacker Tools Linux
52. Hackrf Tools
53. Pentest Tools Open Source
54. Hacker Tools Github
55. Pentest Tools Review
56. Hacker Tools 2019
57. Top Pentest Tools
58. Pentest Tools For Windows
59. Pentest Tools Open Source
60. Hacking Tools Online
61. Physical Pentest Tools
62. Physical Pentest Tools
63. Hacking Tools Pc
64. Pentest Tools Linux
65. Physical Pentest Tools
66. How To Hack
67. Pentest Tools Download
68. Hack Tool Apk No Root
69. Beginner Hacker Tools
70. Pentest Tools Android
71. World No 1 Hacker Software
72. Pentest Tools For Ubuntu
73. Pentest Tools List
74. Hacker Tools For Ios
75. Pentest Tools For Windows
76. Pentest Tools Url Fuzzer
77. Easy Hack Tools
78. Hack Tools Download
79. Tools For Hacker
80. Pentest Tools Nmap
81. Hacker Techniques Tools And Incident Handling
82. Hacking Tools And Software
83. Hack Tools 2019
84. Hacker Tools Apk
85. Hacking Tools For Pc
86. Pentest Reporting Tools
87. Hack And Tools
88. Hacking Tools Windows 10
89. Pentest Automation Tools
90. Underground Hacker Sites
91. Android Hack Tools Github
92. Beginner Hacker Tools
93. Easy Hack Tools
94. Github Hacking Tools
95. Hacker Security Tools
96. Hacker Tools 2020
97. Hack Tools
98. Pentest Tools Windows
99. Hack Tools
100. Hack Tools For Mac
101. Hack Tools For Ubuntu
102. Hacker Tool Kit
103. Hacker Tool Kit
104. Hacker Tools Mac
105. Wifi Hacker Tools For Windows
106. Hackers Toolbox
107. Game Hacking
108. Github Hacking Tools
109. Hack Tools Download
110. Wifi Hacker Tools For Windows
111. Hack Tool Apk No Root
112. Hack Tools
113. Hacking Tools Mac
114. Hack Tools Github
115. Ethical Hacker Tools
116. Hack Tool Apk
117. Pentest Tools Alternative
118. Hack And Tools
119. Hack Tools
120. Hack Tools Pc
121. Hack Apps
122. Hacking Tools Windows 10
123. Hacker Tools Mac
124. Hacker Tools Mac
125. Hacking Tools Name
126. Pentest Tools Download
127. Hacker Techniques Tools And Incident Handling
128. Hacking Tools And Software
129. Hacking Tools For Pc
130. Hacker Tools For Windows
131. Hacking Tools
132. Free Pentest Tools For Windows
133. How To Make Hacking Tools
134. Hacking Tools For Windows 7
135. Hacker Hardware Tools
136. Pentest Tools Port Scanner
137. Best Hacking Tools 2020
138. Hacker Tools 2020
139. Pentest Tools For Android
140. Hacker Tools Github
141. Hacking Tools For Windows 7
142. Pentest Tools Download
143. Bluetooth Hacking Tools Kali
144. Tools Used For Hacking
145. Hacking Tools For Windows Free Download
146. Pentest Tools Alternative
147. Hacker Tools Free
148. Best Hacking Tools 2020
149. New Hack Tools
150. Hacker Tools Free Download
151. Pentest Recon Tools
152. Hack Tools For Games
153. Termux Hacking Tools 2019
154. Hacker Tools List
155. Kik Hack Tools