Senin, 24 Agustus 2020

Support For XXE Attacks In SAML In Our Burp Suite Extension


In this post we present the new version of the Burp Suite extension EsPReSSO - Extension for Processing and Recognition of Single Sign-On Protocols. A DTD attacker was implemented on SAML services that was based on the DTD Cheat Sheet by the Chair for Network and Data Security (https://web-in-security.blogspot.de/2016/03/xxe-cheat-sheet.html). In addition, many fixes were added and a new SAML editor was merged. You can find the newest version release here: https://github.com/RUB-NDS/BurpSSOExtension/releases/tag/v3.1

New SAML editor

Before the new release, EsPReSSO had a simple SAML editor where the decoded SAML messages could be modified by the user. We extended the SAML editor so that the user has the possibility to define the encoding of the SAML message and to select their HTTP binding (HTTP-GET or HTTP-POST).

Redesigned SAML Encoder/Decoder

Enhancement of the SAML attacker

XML Signature Wrapping and XML Signature Faking attacks have already been part of the previous EsPReSSO version. Now the user can also perform DTD attacks! The user can select from 18 different attack vectors and manually refine them all before applying the change to the original message. Additional attack vectors can also be added by extending the XML config file of the DTD attacker.
The DTD attacker can also be started in a fully automated mode. This functionality is integrated in the BurpSuite Intruder.

DTD Attacker for SAML messages

Supporting further attacks

We implemented a CertificateViewer which extracts and decodes the certificates contained within the SAML tokens. In addition, a user interface for executing SignatureExclusion attack on SAML has been implemented.

Additional functions will follow in later versions.

Currently we are working on XML Encryption attacks.

This is a combined work from Nurullah Erinola, Nils Engelbertz, David Herring, Juraj Somorovsky, and Vladislav Mladenov.

The research was supported by the European Commission through the FutureTrust project (grant 700542-Future-Trust-H2020-DS-2015-1).
Related posts
  1. Hack Tools Mac
  2. World No 1 Hacker Software
  3. Best Hacking Tools 2019
  4. Pentest Tools Apk
  5. Hacking Tools For Beginners
  6. Pentest Tools Bluekeep
  7. Best Hacking Tools 2019
  8. Hack Tools Download
  9. Pentest Tools For Mac
  10. Pentest Box Tools Download
  11. Hacker Tools Linux
  12. Game Hacking
  13. Hacking Tools Hardware
  14. Pentest Tools For Mac
  15. Top Pentest Tools
  16. Github Hacking Tools
  17. Hacker Tools Github
  18. Hack Tools Pc
  19. Hacker Tool Kit
  20. Hacking Tools 2020
  21. Hack Tools Mac
  22. Pentest Tools Subdomain
  23. Hacker Tools Software
  24. Hacker Tools 2020
  25. Pentest Tools Linux
  26. Hack Tools Mac
  27. Hacking Tools For Mac
  28. Pentest Automation Tools
  29. New Hacker Tools
  30. Nsa Hack Tools Download
  31. Pentest Tools For Ubuntu
  32. Hackers Toolbox
  33. Hacking Tools For Windows 7
  34. Hacking Tools Download
  35. Hack Tools Mac
  36. Hacking App
  37. Pentest Tools Kali Linux
  38. Hacker Security Tools
  39. Hacker Tools Apk Download
  40. Pentest Tools Kali Linux
  41. Hack Website Online Tool
  42. Pentest Tools For Android
  43. Hack Tools Download
  44. Hack Tools For Games
  45. Pentest Tools Windows
  46. Pentest Tools Free
  47. Nsa Hack Tools
  48. Hacker Tools For Windows
  49. Hacker Tool Kit
  50. Best Hacking Tools 2019
  51. Best Hacking Tools 2019
  52. Hacking Tools For Pc
  53. Usb Pentest Tools
  54. Hack Website Online Tool
  55. What Are Hacking Tools
  56. Ethical Hacker Tools
  57. Hacking Tools Mac
  58. Hacking Tools For Windows 7
  59. Growth Hacker Tools
  60. Hack Tools Online
  61. Install Pentest Tools Ubuntu
  62. Hacker Tools Online
  63. Pentest Tools Subdomain
  64. Pentest Tools Subdomain
  65. Hacking Tools For Mac
Diposting oleh di

Tidak ada komentar:

Posting Komentar

Langganan: Posting Komentar (Atom)