Friday, August 21, 2020

Support For XXE Attacks In SAML In Our Burp Suite Extension


In this post we present the new version of the Burp Suite extension EsPReSSO - Extension for Processing and Recognition of Single Sign-On Protocols. A DTD attacker was implemented on SAML services that was based on the DTD Cheat Sheet by the Chair for Network and Data Security (https://web-in-security.blogspot.de/2016/03/xxe-cheat-sheet.html). In addition, many fixes were added and a new SAML editor was merged. You can find the newest version release here: https://github.com/RUB-NDS/BurpSSOExtension/releases/tag/v3.1

New SAML editor

Before the new release, EsPReSSO had a simple SAML editor where the decoded SAML messages could be modified by the user. We extended the SAML editor so that the user has the possibility to define the encoding of the SAML message and to select their HTTP binding (HTTP-GET or HTTP-POST).

Redesigned SAML Encoder/Decoder

Enhancement of the SAML attacker

XML Signature Wrapping and XML Signature Faking attacks have already been part of the previous EsPReSSO version. Now the user can also perform DTD attacks! The user can select from 18 different attack vectors and manually refine them all before applying the change to the original message. Additional attack vectors can also be added by extending the XML config file of the DTD attacker.
The DTD attacker can also be started in a fully automated mode. This functionality is integrated in the BurpSuite Intruder.

DTD Attacker for SAML messages

Supporting further attacks

We implemented a CertificateViewer which extracts and decodes the certificates contained within the SAML tokens. In addition, a user interface for executing SignatureExclusion attack on SAML has been implemented.

Additional functions will follow in later versions.

Currently we are working on XML Encryption attacks.

This is a combined work from Nurullah Erinola, Nils Engelbertz, David Herring, Juraj Somorovsky, and Vladislav Mladenov.

The research was supported by the European Commission through the FutureTrust project (grant 700542-Future-Trust-H2020-DS-2015-1).

Read more


  1. Hack Tools For Windows
  2. Hack Rom Tools
  3. Tools Used For Hacking
  4. Hack Rom Tools
  5. Hack Tools 2019
  6. Hacker Tools Online
  7. Hacker Tools For Ios
  8. Hack Tools Online
  9. Hack Tools For Mac
  10. Hacker Tools Software
  11. Pentest Tools Tcp Port Scanner
  12. Pentest Tools Windows
  13. Pentest Tools Linux
  14. Hacking Tools For Windows Free Download
  15. Top Pentest Tools
  16. Ethical Hacker Tools
  17. Pentest Tools List
  18. Hacking Tools Download
  19. Free Pentest Tools For Windows
  20. Hak5 Tools
  21. Hack Tool Apk No Root
  22. Physical Pentest Tools
  23. Pentest Tools Website
  24. Hacker
  25. Hacker Tools For Mac
  26. Hackrf Tools
  27. Hack Tools For Pc
  28. Beginner Hacker Tools
  29. Pentest Tools Website
  30. Pentest Tools Online
  31. Pentest Tools Free
  32. Hacker Tools 2019
  33. Top Pentest Tools
  34. Hacker Tools Apk Download
  35. Pentest Tools List
  36. Usb Pentest Tools
  37. Hacker Tools Software
  38. Pentest Tools Framework
  39. Hack Tools For Pc
  40. Pentest Tools For Android
  41. New Hack Tools
  42. Growth Hacker Tools
  43. Easy Hack Tools
  44. Hacking Tools 2019
  45. Hacker Tools Github
  46. Hack App
  47. Free Pentest Tools For Windows
  48. Hacker Tools Mac
  49. Hack Tools For Games
  50. Hack Tools
  51. Nsa Hacker Tools
  52. Hacker Tools Online
  53. Pentest Automation Tools
  54. Pentest Tools Free
  55. Growth Hacker Tools
  56. Tools 4 Hack

No comments:

Post a Comment