viernes, 21 de agosto de 2020

Support For XXE Attacks In SAML In Our Burp Suite Extension


In this post we present the new version of the Burp Suite extension EsPReSSO - Extension for Processing and Recognition of Single Sign-On Protocols. A DTD attacker was implemented on SAML services that was based on the DTD Cheat Sheet by the Chair for Network and Data Security (https://web-in-security.blogspot.de/2016/03/xxe-cheat-sheet.html). In addition, many fixes were added and a new SAML editor was merged. You can find the newest version release here: https://github.com/RUB-NDS/BurpSSOExtension/releases/tag/v3.1

New SAML editor

Before the new release, EsPReSSO had a simple SAML editor where the decoded SAML messages could be modified by the user. We extended the SAML editor so that the user has the possibility to define the encoding of the SAML message and to select their HTTP binding (HTTP-GET or HTTP-POST).

Redesigned SAML Encoder/Decoder

Enhancement of the SAML attacker

XML Signature Wrapping and XML Signature Faking attacks have already been part of the previous EsPReSSO version. Now the user can also perform DTD attacks! The user can select from 18 different attack vectors and manually refine them all before applying the change to the original message. Additional attack vectors can also be added by extending the XML config file of the DTD attacker.
The DTD attacker can also be started in a fully automated mode. This functionality is integrated in the BurpSuite Intruder.

DTD Attacker for SAML messages

Supporting further attacks

We implemented a CertificateViewer which extracts and decodes the certificates contained within the SAML tokens. In addition, a user interface for executing SignatureExclusion attack on SAML has been implemented.

Additional functions will follow in later versions.

Currently we are working on XML Encryption attacks.

This is a combined work from Nurullah Erinola, Nils Engelbertz, David Herring, Juraj Somorovsky, and Vladislav Mladenov.

The research was supported by the European Commission through the FutureTrust project (grant 700542-Future-Trust-H2020-DS-2015-1).
Read more
  1. Top Pentest Tools
  2. Install Pentest Tools Ubuntu
  3. Game Hacking
  4. Pentest Tools Free
  5. Pentest Tools Windows
  6. Best Hacking Tools 2019
  7. Hack Tools For Games
  8. Hacking Tools Kit
  9. Kik Hack Tools
  10. Top Pentest Tools
  11. Hacking Tools For Windows 7
  12. Hack Tools 2019
  13. Top Pentest Tools
  14. Hack Tools For Windows
  15. Hacking Tools Hardware
  16. Pentest Tools Github
  17. Tools Used For Hacking
  18. Pentest Tools Online
  19. Pentest Box Tools Download
  20. Pentest Tools For Mac
  21. Hackers Toolbox
  22. Pentest Tools Website
  23. Pentest Tools For Android
  24. Pentest Tools For Windows
  25. Pentest Tools Find Subdomains
  26. Pentest Tools Open Source
  27. Pentest Tools Github
  28. Hacking Tools Mac
  29. Pentest Tools Online
  30. Pentest Tools Download
  31. Hacker Tools For Pc
  32. Easy Hack Tools
  33. Pentest Recon Tools
  34. Hacking Tools For Pc
  35. Tools For Hacker
  36. Hacking Tools Windows
  37. Hacking Tools And Software
  38. Pentest Tools Online
  39. Hacking Tools Mac
  40. What Are Hacking Tools
  41. Nsa Hacker Tools
  42. Hacking Tools Windows
  43. Tools Used For Hacking
  44. Pentest Tools Tcp Port Scanner
  45. Hackers Toolbox
  46. Hacking Tools For Games
  47. How To Make Hacking Tools
  48. Pentest Reporting Tools
  49. Hacker Tools Software
  50. Pentest Tools Free
  51. Hacker Tool Kit
  52. Hacking App
  53. Hack Website Online Tool
  54. How To Make Hacking Tools
  55. Top Pentest Tools
  56. Pentest Tools Linux
  57. Pentest Tools Framework
  58. Hak5 Tools
  59. Install Pentest Tools Ubuntu
  60. Pentest Automation Tools
  61. Pentest Tools For Android
  62. Hacking Tools Pc
  63. Hack Tool Apk No Root
  64. Hacking Tools Hardware
Publicado por en

No hay comentarios:

Publicar un comentario

Suscribirse a: Enviar comentarios (Atom)