Support For XXE Attacks In SAML In Our Burp Suite Extension

In this post we present the new version of the Burp Suite extension EsPReSSO - Extension for Processing and Recognition of Single Sign-On Protocols. A DTD attacker was implemented on SAML services that was based on the DTD Cheat Sheet by the Chair for Network and Data Security (https://web-in-security.blogspot.de/2016/03/xxe-cheat-sheet.html). In addition, many fixes were added and a new SAML editor was merged. You can find the newest version release here: https://github.com/RUB-NDS/BurpSSOExtension/releases/tag/v3.1

New SAML editor

Before the new release, EsPReSSO had a simple SAML editor where the decoded SAML messages could be modified by the user. We extended the SAML editor so that the user has the possibility to define the encoding of the SAML message and to select their HTTP binding (HTTP-GET or HTTP-POST).

Redesigned SAML Encoder/Decoder

Enhancement of the SAML attacker

XML Signature Wrapping and XML Signature Faking attacks have already been part of the previous EsPReSSO version. Now the user can also perform DTD attacks! The user can select from 18 different attack vectors and manually refine them all before applying the change to the original message. Additional attack vectors can also be added by extending the XML config file of the DTD attacker.
The DTD attacker can also be started in a fully automated mode. This functionality is integrated in the BurpSuite Intruder.

DTD Attacker for SAML messages

Supporting further attacks

We implemented a CertificateViewer which extracts and decodes the certificates contained within the SAML tokens. In addition, a user interface for executing SignatureExclusion attack on SAML has been implemented.

Additional functions will follow in later versions.

Currently we are working on XML Encryption attacks.

This is a combined work from Nurullah Erinola, Nils Engelbertz, David Herring, Juraj Somorovsky, and Vladislav Mladenov.

The research was supported by the European Commission through the FutureTrust project (grant 700542-Future-Trust-H2020-DS-2015-1).

More information

1. Pentest Tools
2. Hacking Tools Kit
3. Hacking Tools Pc
4. Hacking Tools Windows 10
5. Blackhat Hacker Tools
6. Pentest Tools Apk
7. Hack Tools Mac
8. Hacker Tools For Mac
9. Hak5 Tools
10. Pentest Tools Online
11. Pentest Tools Subdomain
12. Game Hacking
13. Hackers Toolbox
14. Pentest Automation Tools
15. Pentest Reporting Tools
16. Hacker Tools Mac
17. Pentest Tools For Ubuntu
18. Hacker Tools Free Download
19. Hacking Tools Windows
20. Growth Hacker Tools
21. Hacking Tools Software
22. Pentest Tools Free
23. Hack Tool Apk No Root
24. Hack And Tools
25. Wifi Hacker Tools For Windows
26. Pentest Tools Linux
27. Hack Apps
28. Hack Tools
29. Hacker Tools
30. Pentest Recon Tools
31. Pentest Tools Nmap
32. Nsa Hacker Tools
33. Hacker Search Tools
34. Android Hack Tools Github
35. How To Hack
36. Hacker Tools Free
37. How To Install Pentest Tools In Ubuntu
38. Physical Pentest Tools
39. Hacking Tools For Kali Linux
40. Hack And Tools
41. Hacker Tools Linux
42. Pentest Tools Linux
43. Pentest Tools Online
44. Pentest Tools Apk
45. Hacks And Tools
46. Blackhat Hacker Tools
47. Pentest Tools Url Fuzzer
48. Hacking Tools Windows
49. Pentest Tools Website
50. Hacker Tools
51. Hacker Tools Linux
52. Hackrf Tools
53. Pentest Tools Open Source
54. Hacker Tools Github
55. Pentest Tools Review
56. Hacker Tools 2019
57. Top Pentest Tools
58. Pentest Tools For Windows
59. Pentest Tools Open Source
60. Hacking Tools Online
61. Physical Pentest Tools
62. Physical Pentest Tools
63. Hacking Tools Pc
64. Pentest Tools Linux
65. Physical Pentest Tools
66. How To Hack
67. Pentest Tools Download
68. Hack Tool Apk No Root
69. Beginner Hacker Tools
70. Pentest Tools Android
71. World No 1 Hacker Software
72. Pentest Tools For Ubuntu
73. Pentest Tools List
74. Hacker Tools For Ios
75. Pentest Tools For Windows
76. Pentest Tools Url Fuzzer
77. Easy Hack Tools
78. Hack Tools Download
79. Tools For Hacker
80. Pentest Tools Nmap
81. Hacker Techniques Tools And Incident Handling
82. Hacking Tools And Software
83. Hack Tools 2019
84. Hacker Tools Apk
85. Hacking Tools For Pc
86. Pentest Reporting Tools
87. Hack And Tools
88. Hacking Tools Windows 10
89. Pentest Automation Tools
90. Underground Hacker Sites
91. Android Hack Tools Github
92. Beginner Hacker Tools
93. Easy Hack Tools
94. Github Hacking Tools
95. Hacker Security Tools
96. Hacker Tools 2020
97. Hack Tools
98. Pentest Tools Windows
99. Hack Tools
100. Hack Tools For Mac
101. Hack Tools For Ubuntu
102. Hacker Tool Kit
103. Hacker Tool Kit
104. Hacker Tools Mac
105. Wifi Hacker Tools For Windows
106. Hackers Toolbox
107. Game Hacking
108. Github Hacking Tools
109. Hack Tools Download
110. Wifi Hacker Tools For Windows
111. Hack Tool Apk No Root
112. Hack Tools
113. Hacking Tools Mac
114. Hack Tools Github
115. Ethical Hacker Tools
116. Hack Tool Apk
117. Pentest Tools Alternative
118. Hack And Tools
119. Hack Tools
120. Hack Tools Pc
121. Hack Apps
122. Hacking Tools Windows 10
123. Hacker Tools Mac
124. Hacker Tools Mac
125. Hacking Tools Name
126. Pentest Tools Download
127. Hacker Techniques Tools And Incident Handling
128. Hacking Tools And Software
129. Hacking Tools For Pc
130. Hacker Tools For Windows
131. Hacking Tools
132. Free Pentest Tools For Windows
133. How To Make Hacking Tools
134. Hacking Tools For Windows 7
135. Hacker Hardware Tools
136. Pentest Tools Port Scanner
137. Best Hacking Tools 2020
138. Hacker Tools 2020
139. Pentest Tools For Android
140. Hacker Tools Github
141. Hacking Tools For Windows 7
142. Pentest Tools Download
143. Bluetooth Hacking Tools Kali
144. Tools Used For Hacking
145. Hacking Tools For Windows Free Download
146. Pentest Tools Alternative
147. Hacker Tools Free
148. Best Hacking Tools 2020
149. New Hack Tools
150. Hacker Tools Free Download
151. Pentest Recon Tools
152. Hack Tools For Games
153. Termux Hacking Tools 2019
154. Hacker Tools List
155. Kik Hack Tools

Rootkit Umbreon / Umreon - X86, ARM Samples

Pokémon-themed Umbreon Linux Rootkit Hits x86, ARM Systems
Research: Trend Micro


There are two packages
one is 'found in the wild' full and a set of hashes from Trend Micro (all but one file are already in the full package)

Download

Download Email me if you need the password  

File information

Part one (full package)

#	File Name	Hash Value	File Size (on Disk)	Duplicate?
1	.umbreon-ascii	0B880E0F447CD5B6A8D295EFE40AFA37	6085 bytes (5.94 KiB)
2	autoroot	1C5FAEEC3D8C50FAC589CD0ADD0765C7	281 bytes (281 bytes)
3	CHANGELOG	A1502129706BA19667F128B44D19DC3C	11 bytes (11 bytes)
4	cli.sh	C846143BDA087783B3DC6C244C2707DC	5682 bytes (5.55 KiB)
5	hideports	D41D8CD98F00B204E9800998ECF8427E	0 bytes ( bytes)	Yes, of file promptlog
6	install.sh	9DE30162E7A8F0279E19C2C30280FFF8	5634 bytes (5.5 KiB)
7	Makefile	0F5B1E70ADC867DD3A22CA62644007E5	797 bytes (797 bytes)
8	portchecker	006D162A0D0AA294C85214963A3D3145	113 bytes (113 bytes)
9	promptlog	D41D8CD98F00B204E9800998ECF8427E	0 bytes ( bytes)
10	readlink.c	42FC7D7E2F9147AB3C18B0C4316AD3D8	1357 bytes (1.33 KiB)
11	ReadMe.txt	B7172B364BF5FB8B5C30FF528F6C5125	2244 bytes (2.19 KiB)
12	setup	694FFF4D2623CA7BB8270F5124493F37	332 bytes (332 bytes)
13	spytty.sh	0AB776FA8A0FBED2EF26C9933C32E97C	1011 bytes (1011 bytes)	Yes, of file spytty.sh
14	umbreon.c	91706EF9717176DBB59A0F77FE95241C	1007 bytes (1007 bytes)
15	access.c	7C0A86A27B322E63C3C29121788998B8	713 bytes (713 bytes)
16	audit.c	A2B2812C80C93C9375BFB0D7BFCEFD5B	1434 bytes (1.4 KiB)
17	chown.c	FF9B679C7AB3F57CFBBB852A13A350B2	2870 bytes (2.8 KiB)
18	config.h	980DEE60956A916AFC9D2997043D4887	967 bytes (967 bytes)
19	config.h.dist	980DEE60956A916AFC9D2997043D4887	967 bytes (967 bytes)	Yes, of file config.h
20	dirs.c	46B20CC7DA2BDB9ECE65E36A4F987ABC	3639 bytes (3.55 KiB)
21	dlsym.c	796DA079CC7E4BD7F6293136604DC07B	4088 bytes (3.99 KiB)
22	exec.c	1935ED453FB83A0A538224AFAAC71B21	4033 bytes (3.94 KiB)
23	getpath.h	588603EF387EB617668B00EAFDAEA393	183 bytes (183 bytes)
24	getprocname.h	F5781A9E267ED849FD4D2F5F3DFB8077	805 bytes (805 bytes)
25	includes.h	F4797AE4B2D5B3B252E0456020F58E59	629 bytes (629 bytes)
26	kill.c	C4BD132FC2FFBC84EA5103ABE6DC023D	555 bytes (555 bytes)
27	links.c	898D73E1AC14DE657316F084AADA58A0	2274 bytes (2.22 KiB)
28	local-door.c	76FC3E9E2758BAF48E1E9B442DB98BF8	501 bytes (501 bytes)
29	lpcap.h	EA6822B23FE02041BE506ED1A182E5CB	1690 bytes (1.65 KiB)
30	maps.c	9BCD90BEA8D9F9F6270CF2017F9974E2	1100 bytes (1.07 KiB)
31	misc.h	1F9FCC5D84633931CDD77B32DB1D50D0	2728 bytes (2.66 KiB)
32	netstat.c	00CF3F7E7EA92E7A954282021DD72DC4	1113 bytes (1.09 KiB)
33	open.c	F7EE88A523AD2477FF8EC17C9DCD7C02	8594 bytes (8.39 KiB)
34	pam.c	7A947FDC0264947B2D293E1F4D69684A	2010 bytes (1.96 KiB)
35	pam_private.h	2C60F925842CEB42FFD639E7C763C7B0	12480 bytes (12.19 KiB)
36	pam_vprompt.c	017FB0F736A0BC65431A25E1A9D393FE	3826 bytes (3.74 KiB)
37	passwd.c	A0D183BBE86D05E3782B5B24E2C96413	2364 bytes (2.31 KiB)
38	pcap.c	FF911CA192B111BD0D9368AFACA03C46	1295 bytes (1.26 KiB)
39	procstat.c	7B14E97649CD767C256D4CD6E4F8D452	398 bytes (398 bytes)
40	procstatus.c	72ED74C03F4FAB0C1B801687BE200F06	3303 bytes (3.23 KiB)
41	readwrite.c	C068ED372DEAF8E87D0133EAC0A274A8	2710 bytes (2.65 KiB)
42	rename.c	C36BE9C01FEADE2EF4D5EA03BD2B3C05	535 bytes (535 bytes)
43	setgid.c	5C023259F2C244193BDA394E2C0B8313	667 bytes (667 bytes)
44	sha256.h	003D805D919B4EC621B800C6C239BAE0	545 bytes (545 bytes)
45	socket.c	348AEF06AFA259BFC4E943715DB5A00B	579 bytes (579 bytes)
46	stat.c	E510EE1F78BD349E02F47A7EB001B0E3	7627 bytes (7.45 KiB)
47	syslog.c	7CD3273E09A6C08451DD598A0F18B570	1497 bytes (1.46 KiB)
48	umbreon.h	F76CAC6D564DEACFC6319FA167375BA5	4316 bytes (4.21 KiB)
49	unhide-funcs.c	1A9F62B04319DA84EF71A1B091434C64	4729 bytes (4.62 KiB)
50	cryptpass.py	2EA92D6EC59D85474ED7A91C8518E7EC	192 bytes (192 bytes)
51	environment.sh	70F467FE218E128258D7356B7CE328F1	1086 bytes (1.06 KiB)
52	espeon-connect.sh	A574C885C450FCA048E79AD6937FED2E	247 bytes (247 bytes)
53	espeon-shell	9EEF7E7E3C1BEE2F8591A088244BE0CB	2167 bytes (2.12 KiB)
54	espeon.c	499FF5CF81C2624B0C3B0B7E9C6D980D	14899 bytes (14.55 KiB)
55	listen.sh	69DA525AEA227BE9E4B8D59ACFF4D717	209 bytes (209 bytes)
56	spytty.sh	0AB776FA8A0FBED2EF26C9933C32E97C	1011 bytes (1011 bytes)
57	ssh-hidden.sh	AE54F343FE974302F0D31776B72D0987	127 bytes (127 bytes)
58	unfuck.c	457B6E90C7FA42A7C46D464FBF1D68E2	384 bytes (384 bytes)
59	unhide-self.py	B982597CEB7274617F286CA80864F499	986 bytes (986 bytes)
60	listen.sh	F5BD197F34E3D0BD8EA28B182CCE7270	233 bytes (233 bytes)

part 2 (those listed in the Trend Micro article)

#	File Name	Hash Value	File Size (on Disk)
1	015a84eb1d18beb310e7aeeceab8b84776078935c45924b3a10aa884a93e28ac	A47E38464754289C0F4A55ED7BB55648	9375 bytes (9.16 KiB)
2	0751cf716ea9bc18e78eb2a82cc9ea0cac73d70a7a74c91740c95312c8a9d53a	F9BA2429EAE5471ACDE820102C5B8159	7512 bytes (7.34 KiB)
3	0a4d5ffb1407d409a55f1aed5c5286d4f31fe17bc99eabff64aa1498c5482a5f	0AB776FA8A0FBED2EF26C9933C32E97C	1011 bytes (1011 bytes)
4	0ce8c09bb6ce433fb8b388c369d7491953cf9bb5426a7bee752150118616d8ff	B982597CEB7274617F286CA80864F499	986 bytes (986 bytes)
5	122417853c1eb1868e429cacc499ef75cfc018b87da87b1f61bff53e9b8e8670	9EEF7E7E3C1BEE2F8591A088244BE0CB	2167 bytes (2.12 KiB)
6	409c90ecd56e9abcb9f290063ec7783ecbe125c321af3f8ba5dcbde6e15ac64a	B4746BB5E697F23A5842ABCAED36C914	6149 bytes (6 KiB)
7	4fc4b5dab105e03f03ba3ec301bab9e2d37f17a431dee7f2e5a8dfadcca4c234	D0D97899131C29B3EC9AE89A6D49A23E	65160 bytes (63.63 KiB)
8	8752d16e32a611763eee97da6528734751153ac1699c4693c84b6e9e4fb08784	E7E82D29DFB1FC484ED277C702187818	55564 bytes (54.26 KiB)
9	991179b6ba7d4aeabdf463118e4a2984276401368f4ab842ad8a5b8b73088522	2B1863ACDC0068ED5D50590CF792DF05	7664 bytes (7.48 KiB)
10	a378b85f8f41de164832d27ebf7006370c1fb8eda23bb09a3586ed29b5dbdddf	A977F68C59040E40A822C384D1CEDEB6	176 bytes (176 bytes)
11	aa24deb830a2b1aa694e580c5efb24f979d6c5d861b56354a6acb1ad0cf9809b	DF320ED7EE6CCF9F979AEFE451877FFC	26 bytes (26 bytes)
12	acfb014304b6f2cff00c668a9a2a3a9cbb6f24db6d074a8914dd69b43afa4525	84D552B5D22E40BDA23E6587B1BC532D	6852 bytes (6.69 KiB)
13	c80d19f6f3372f4cc6e75ae1af54e8727b54b51aaf2794fedd3a1aa463140480	087DD79515D37F7ADA78FF5793A42B7B	11184 bytes (10.92 KiB)
14	e9bce46584acbf59a779d1565687964991d7033d63c06bddabcfc4375c5f1853	BBEB18C0C3E038747C78FCAB3E0444E3	71940 bytes (70.25 KiB)

Related posts

• Hack Tools Mac
• Hack Tools 2019
• Pentest Tools Tcp Port Scanner
• Hack Apps
• Hacking Tools For Windows 7
• Hackrf Tools
• How To Hack
• Tools For Hacker
• Pentest Box Tools Download
• Pentest Tools
• Hacker Tools 2020
• Hack Tools
• Pentest Tools Android
• Pentest Tools For Ubuntu
• Hacker Tools Apk
• Game Hacking
• Hack App
• Hack Tools For Pc
• Hack Tools Download
• Pentest Box Tools Download
• Hacking Tools Windows 10
• New Hack Tools
• Hacker Tools Free
• Pentest Tools
• Hacker Tools Free
• Hack And Tools
• Pentest Tools For Mac
• Nsa Hack Tools Download
• Pentest Tools For Ubuntu
• Pentest Automation Tools
• Hacking Tools Windows 10
• Hack Apps
• Top Pentest Tools
• Pentest Tools Alternative
• Hack Tools For Pc
• Hack Tools Pc
• Hacking Tools Pc
• Pentest Tools Website
• Hacker Tools Free
• Hacker Tools For Mac
• Pentest Tools Free
• Pentest Box Tools Download
• Pentest Tools Online
• Hack Tools Mac
• Hacking Tools Mac
• Hack Tools For Ubuntu
• Computer Hacker
• Hacking Tools For Beginners
• Kik Hack Tools
• Computer Hacker
• Pentest Tools Subdomain
• Pentest Tools Apk
• Pentest Tools Free
• Pentest Tools For Windows
• How To Make Hacking Tools
• Wifi Hacker Tools For Windows
• Black Hat Hacker Tools
• Usb Pentest Tools
• Hack Tools Github
• Pentest Tools Nmap
• Hack Website Online Tool
• Termux Hacking Tools 2019
• Hacking Tools Windows
• Kik Hack Tools
• Hacker Tools
• What Is Hacking Tools
• Hack Tool Apk No Root
• Hacker Tools Software
• Github Hacking Tools
• Hacking Tools For Windows 7
• Black Hat Hacker Tools
• Hack Tools
• Hacker Tools
• Hack Tools For Mac
• Hacking Tools Download
• Hack Apps
• Hacking Tools For Games
• Tools Used For Hacking
• Pentest Tools Windows
• Hacking Tools For Mac
• Pentest Tools Website
• Nsa Hack Tools Download
• What Are Hacking Tools
• Hack Tools
• Pentest Recon Tools
• Hacker Search Tools
• Pentest Tools For Mac
• Hacker Tools Online
• Pentest Tools Website Vulnerability
• What Are Hacking Tools
• Pentest Box Tools Download
• How To Install Pentest Tools In Ubuntu
• Hacker Tool Kit
• Nsa Hacker Tools
• Hackers Toolbox
• Hacking Tools
• Pentest Tools For Ubuntu
• Hacking Tools
• Pentest Tools Linux
• Ethical Hacker Tools
• Pentest Tools Open Source
• Wifi Hacker Tools For Windows
• Pentest Tools Review
• Hacking Tools Windows
• Bluetooth Hacking Tools Kali
• Hacker Tools Software
• Pentest Automation Tools
• Android Hack Tools Github
• Pentest Tools For Windows
• Hacking Tools For Pc
• Pentest Tools
• Kik Hack Tools
• Hacker Tools Apk
• Hacking Tools Usb
• Hacking Apps
• Hack Apps
• Hacker Tools For Ios
• Hacker Tools Free
• Hacker Tools 2019
• Pentest Tools Open Source
• Hacker Tools Hardware
• Hacking Apps
• Tools Used For Hacking
• New Hacker Tools
• Pentest Tools Nmap
• Hacker Tools Windows
• Pentest Box Tools Download
• Hacking Tools Windows 10
• Pentest Tools Open Source
• Beginner Hacker Tools
• Hacker Tools For Pc
• Hacks And Tools
• Beginner Hacker Tools
• Pentest Tools Bluekeep
• Hacker Tools Software
• Easy Hack Tools
• Pentest Tools Url Fuzzer
• What Are Hacking Tools
• Hacker Search Tools
• Pentest Tools Open Source
• Hacker Tools Linux
• Hacking Tools Usb
• What Are Hacking Tools
• Hackers Toolbox
• Pentest Tools Website
• Pentest Tools Kali Linux
• Pentest Tools Windows
• Pentest Tools List
• Hacking Tools For Games
• Hacker Tools List