Saturday, 29 August 2020

Support For XXE Attacks In SAML In Our Burp Suite Extension


In this post we present the new version of the Burp Suite extension EsPReSSO - Extension for Processing and Recognition of Single Sign-On Protocols. A DTD attacker was implemented on SAML services that was based on the DTD Cheat Sheet by the Chair for Network and Data Security (https://web-in-security.blogspot.de/2016/03/xxe-cheat-sheet.html). In addition, many fixes were added and a new SAML editor was merged. You can find the newest version release here: https://github.com/RUB-NDS/BurpSSOExtension/releases/tag/v3.1

New SAML editor

Before the new release, EsPReSSO had a simple SAML editor where the decoded SAML messages could be modified by the user. We extended the SAML editor so that the user has the possibility to define the encoding of the SAML message and to select their HTTP binding (HTTP-GET or HTTP-POST).

Redesigned SAML Encoder/Decoder

Enhancement of the SAML attacker

XML Signature Wrapping and XML Signature Faking attacks have already been part of the previous EsPReSSO version. Now the user can also perform DTD attacks! The user can select from 18 different attack vectors and manually refine them all before applying the change to the original message. Additional attack vectors can also be added by extending the XML config file of the DTD attacker.
The DTD attacker can also be started in a fully automated mode. This functionality is integrated in the BurpSuite Intruder.

DTD Attacker for SAML messages

Supporting further attacks

We implemented a CertificateViewer which extracts and decodes the certificates contained within the SAML tokens. In addition, a user interface for executing SignatureExclusion attack on SAML has been implemented.

Additional functions will follow in later versions.

Currently we are working on XML Encryption attacks.

This is a combined work from Nurullah Erinola, Nils Engelbertz, David Herring, Juraj Somorovsky, and Vladislav Mladenov.

The research was supported by the European Commission through the FutureTrust project (grant 700542-Future-Trust-H2020-DS-2015-1).

Related news


  1. Pentest Tools Website
  2. Hack Tools 2019
  3. Pentest Tools Linux
  4. Tools 4 Hack
  5. Hacking Tools Download
  6. What Is Hacking Tools
  7. Hacking Tools 2019
  8. Free Pentest Tools For Windows
  9. How To Make Hacking Tools
  10. Hackrf Tools
  11. Best Hacking Tools 2019
  12. Hacks And Tools
  13. Pentest Tools Free
  14. Pentest Tools Windows
  15. New Hacker Tools
  16. Hacking Tools Download
  17. Termux Hacking Tools 2019
  18. Hack Tools For Mac
  19. Pentest Tools Open Source
  20. Hacker Tools Mac
  21. Hacking Tools For Pc
  22. Hacking Tools Usb
  23. Hack Tools Pc
  24. Physical Pentest Tools
  25. Hacker Tools Linux
  26. How To Install Pentest Tools In Ubuntu
  27. Hacker
  28. Pentest Tools Alternative
  29. Hacking Tools For Pc
  30. Hak5 Tools
  31. Pentest Tools Url Fuzzer
  32. Hacker Security Tools
  33. Hack And Tools
  34. Pentest Reporting Tools
  35. Ethical Hacker Tools
  36. Hacking Tools Usb
  37. Hacker Tools Apk Download
  38. Hack Tools Github
  39. Hack Tools For Pc
  40. Pentest Tools Android
  41. Pentest Tools Tcp Port Scanner
  42. Pentest Tools Subdomain
  43. Pentest Tools Review
  44. Ethical Hacker Tools
  45. Hacking Tools Windows
  46. Hacker Tools For Pc
  47. Hack App
  48. Pentest Reporting Tools
  49. Hacking Tools Windows
  50. Bluetooth Hacking Tools Kali
  51. Pentest Tools Review
  52. Hacker Tools Github
  53. Hacking Tools Name
  54. Tools 4 Hack
  55. Hacker Tools
  56. Ethical Hacker Tools
  57. Nsa Hack Tools
  58. Hacking Tools
  59. Tools Used For Hacking
  60. Hacker Tools Windows
  61. Hacker Tools Apk
  62. Hacker Tools Hardware
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)