Support For XXE Attacks In SAML In Our Burp Suite Extension

In this post we present the new version of the Burp Suite extension EsPReSSO - Extension for Processing and Recognition of Single Sign-On Protocols. A DTD attacker was implemented on SAML services that was based on the DTD Cheat Sheet by the Chair for Network and Data Security (https://web-in-security.blogspot.de/2016/03/xxe-cheat-sheet.html). In addition, many fixes were added and a new SAML editor was merged. You can find the newest version release here: https://github.com/RUB-NDS/BurpSSOExtension/releases/tag/v3.1

New SAML editor

Before the new release, EsPReSSO had a simple SAML editor where the decoded SAML messages could be modified by the user. We extended the SAML editor so that the user has the possibility to define the encoding of the SAML message and to select their HTTP binding (HTTP-GET or HTTP-POST).

Redesigned SAML Encoder/Decoder

Enhancement of the SAML attacker

XML Signature Wrapping and XML Signature Faking attacks have already been part of the previous EsPReSSO version. Now the user can also perform DTD attacks! The user can select from 18 different attack vectors and manually refine them all before applying the change to the original message. Additional attack vectors can also be added by extending the XML config file of the DTD attacker.
The DTD attacker can also be started in a fully automated mode. This functionality is integrated in the BurpSuite Intruder.

DTD Attacker for SAML messages

Supporting further attacks

We implemented a CertificateViewer which extracts and decodes the certificates contained within the SAML tokens. In addition, a user interface for executing SignatureExclusion attack on SAML has been implemented.

Additional functions will follow in later versions.

Currently we are working on XML Encryption attacks.

This is a combined work from Nurullah Erinola, Nils Engelbertz, David Herring, Juraj Somorovsky, and Vladislav Mladenov.

The research was supported by the European Commission through the FutureTrust project (grant 700542-Future-Trust-H2020-DS-2015-1).

Related articles

1. Hacking Tools Free Download
2. Hacker Tools Hardware
3. Best Hacking Tools 2020
4. Pentest Tools List
5. Easy Hack Tools
6. Hacker Tools Online
7. Hacker Tools For Windows
8. Pentest Tools Framework
9. Pentest Tools Alternative
10. Hacking Tools And Software
11. Hack Tools
12. Hacking Tools Name
13. Hack Tools Mac
14. Pentest Tools Url Fuzzer
15. Nsa Hack Tools
16. Hacker Tool Kit
17. What Is Hacking Tools
18. Hackers Toolbox
19. Hack Website Online Tool
20. Pentest Tools Linux
21. Ethical Hacker Tools
22. Hack Tools
23. Hack Apps
24. Hacker Tools For Ios
25. Hack Tools For Pc
26. Pentest Tools
27. Hacker Tools 2020
28. Pentest Tools Bluekeep
29. Hack Tools 2019
30. Pentest Tools For Windows
31. Pentest Automation Tools
32. Nsa Hacker Tools
33. Hacking Tools Usb
34. Hackers Toolbox
35. Hack Tools For Mac
36. Hacker Security Tools
37. How To Hack
38. Hacking Tools For Windows Free Download
39. Hack Tools 2019
40. Pentest Tools For Android
41. Pentest Tools Tcp Port Scanner
42. Hacks And Tools
43. Hacking Tools Hardware
44. Hacker Search Tools
45. Hacking Tools Kit
46. Free Pentest Tools For Windows
47. What Is Hacking Tools
48. Hack Tools Mac
49. Hak5 Tools
50. Hacking Tools And Software
51. Hacker Security Tools
52. Pentest Tools Nmap
53. World No 1 Hacker Software
54. Hack Tools Github
55. Pentest Tools For Windows
56. Hacker Tools Online
57. Hacking Tools And Software
58. Hacker Tools Free Download
59. Hacking App
60. Pentest Tools Tcp Port Scanner
61. Tools Used For Hacking
62. Hacking Tools Github
63. Hacking Tools For Games
64. Hacker Tools
65. Hacker Techniques Tools And Incident Handling
66. Pentest Tools Alternative
67. Beginner Hacker Tools
68. Hacker Tool Kit
69. Pentest Tools Free
70. Black Hat Hacker Tools
71. World No 1 Hacker Software
72. Hacker Tools For Ios
73. Pentest Tools Port Scanner
74. Pentest Tools Open Source