2020. augusztus 29., szombat

Support For XXE Attacks In SAML In Our Burp Suite Extension


In this post we present the new version of the Burp Suite extension EsPReSSO - Extension for Processing and Recognition of Single Sign-On Protocols. A DTD attacker was implemented on SAML services that was based on the DTD Cheat Sheet by the Chair for Network and Data Security (https://web-in-security.blogspot.de/2016/03/xxe-cheat-sheet.html). In addition, many fixes were added and a new SAML editor was merged. You can find the newest version release here: https://github.com/RUB-NDS/BurpSSOExtension/releases/tag/v3.1

New SAML editor

Before the new release, EsPReSSO had a simple SAML editor where the decoded SAML messages could be modified by the user. We extended the SAML editor so that the user has the possibility to define the encoding of the SAML message and to select their HTTP binding (HTTP-GET or HTTP-POST).

Redesigned SAML Encoder/Decoder

Enhancement of the SAML attacker

XML Signature Wrapping and XML Signature Faking attacks have already been part of the previous EsPReSSO version. Now the user can also perform DTD attacks! The user can select from 18 different attack vectors and manually refine them all before applying the change to the original message. Additional attack vectors can also be added by extending the XML config file of the DTD attacker.
The DTD attacker can also be started in a fully automated mode. This functionality is integrated in the BurpSuite Intruder.

DTD Attacker for SAML messages

Supporting further attacks

We implemented a CertificateViewer which extracts and decodes the certificates contained within the SAML tokens. In addition, a user interface for executing SignatureExclusion attack on SAML has been implemented.

Additional functions will follow in later versions.

Currently we are working on XML Encryption attacks.

This is a combined work from Nurullah Erinola, Nils Engelbertz, David Herring, Juraj Somorovsky, and Vladislav Mladenov.

The research was supported by the European Commission through the FutureTrust project (grant 700542-Future-Trust-H2020-DS-2015-1).
Related posts

  1. Pentest Tools Website
  2. Pentest Tools Windows
  3. Hacking Tools Pc
  4. Hack Website Online Tool
  5. Physical Pentest Tools
  6. Pentest Tools Android
  7. How To Install Pentest Tools In Ubuntu
  8. Hacker Tools Hardware
  9. Hacker Tool Kit
  10. Hacking Tools For Kali Linux
  11. Growth Hacker Tools
  12. Hacking Tools For Windows
  13. Pentest Tools Tcp Port Scanner
  14. Hacker Security Tools
  15. Pentest Tools Linux
  16. Hacking Tools For Beginners
  17. World No 1 Hacker Software
  18. Hak5 Tools
  19. Hacking Tools For Kali Linux
  20. Pentest Tools Windows
  21. Nsa Hacker Tools
  22. Pentest Tools Website
  23. Hak5 Tools
  24. Hacking Tools For Beginners
  25. Hack Website Online Tool
  26. Hacking Tools Pc
  27. New Hacker Tools
  28. Pentest Tools Open Source
  29. Hack Tools For Mac
  30. Hacker Tools For Mac
  31. Hacking Tools Online
  32. Top Pentest Tools
  33. Hacker Techniques Tools And Incident Handling
  34. Pentest Box Tools Download
  35. Pentest Automation Tools
  36. Hacking Tools For Pc
  37. Pentest Tools For Windows
  38. How To Install Pentest Tools In Ubuntu
  39. Computer Hacker
  40. Tools 4 Hack
  41. Hacker Tools For Windows
  42. Hacking Tools For Windows Free Download
  43. Blackhat Hacker Tools
  44. Termux Hacking Tools 2019
  45. Game Hacking
  46. Hacking Tools For Mac
  47. Hacker Security Tools
  48. Hacks And Tools
  49. Pentest Tools Bluekeep
  50. Pentest Tools Android
  51. Hacking Tools Free Download
  52. Hack Tools Pc
  53. Termux Hacking Tools 2019
  54. Hacker Tools Online
  55. Pentest Tools Url Fuzzer
Bejegyezte: dátum:

Nincsenek megjegyzések:

Megjegyzés küldése

Feliratkozás: Megjegyzések küldése (Atom)