Skip to content

5up3rc/BurpSSOExtension

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

314 Commits

doc/apidocs

doc/apidocs

 
 

src

src

 
 

.gitignore

.gitignore

 
 

.travis.yml

.travis.yml

 
 

BappDescription.html

BappDescription.html

 
 

BappManifest.bmf

BappManifest.bmf

 
 

README.md

README.md

 
 

license_header.txt

license_header.txt

 
 

pom.xml

pom.xml

 
 

Repository files navigation

EsPReSSO

Build Status licence release status

Extension for Processing and Recognition of Single Sign-On Protocols

The extension is based on the BurpSSO Extension, developed by the Chair of Network and Data Security, Ruhr University Bochum and the Hackmanit GmbH. The extension is part of a bachelor thesis by Tim Guenther at the Ruhr-University Bochum in cooperation with Context Information Security Ltd..

Features

Detecting

Supported Protocols:

  • SAML
  • OpenID
  • OAuth
  • BrowserId
  • OpenID Connect
  • Facebook Connect
  • Microsoft Account

Attacking

  • WS-Attacker integration while intercepting SAML messages
  • DTD-Attacker integration while intercepting SAML messages

Beautifier

  • Syntax Highlight
  • Highlight SSO messages in proxy window and display the protocol type
  • Show all recognized SSO messages in a history tab
  • Context menu for 'Analyze SSO Protocol'

Editors/Viewers

  • View and edit SAML
  • View JSON and JSON Web Token (JWT)

Build

$ mvn clean package

(Please start Burp with Java 1.8)

Installation and Usage

  • Build the JAR file as described above, or download it from releases.
  • Load the JAR file from the target folder into Burp's Extender. (Start Burp with Java 1.8)
  • SSO messages are highlighted automatically in Burp's HTTP history (Proxy tab).
  • SAML, JSON and JWT editors and viewers attached automatically.
  • A SSO History, Options and Help can be found in a new tab called 'EsPReSSO'.

Dependencies and Licences

Dependencie Licence Access Date Link Copyright (c) Date, Name
RSyntaxTextArea modified BSD license 20.09.2015 https://github.com/bobbylight/RSyntaxTextArea 2012, Robert Futrell
json-simple Apache License 2.0 20.09.2015 https://code.google.com/p/json-simple/ Unkown, Yidong Fang
WSAttacker GNU General Public License v2.0 20.09.2015 https://github.com/RUB-NDS/WS-Attacker/ 2012, Christain Mainka, Andreas Falkenberg, Jurai Somorovski, et al.
junit Eclipse Public License 1.0 12.03.2018 https://github.com/junit-team/junit4 Unkown, Erich Gamma and Kent Beck.
jutf7 MIT license 12.03.2018 https://sourceforge.net/projects/jutf7/ 2011, Jaap Beetstra
commons-io Apache License 2.0 12.03.2018 https://github.com/apache/commons-io 2012, Scott Sanders, et al.

Tested with:

  • Java 1.8.0._151
  • Burp Suite 1.7.32
  • Ubuntu 16.04.3 LTS, amd64
  • Netbeans 8.2
  • Maven 3.3.9

About

An extension for BurpSuite that highlights SSO messages in Burp's proxy window..

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

10 tags

Packages

No packages published

Languages

  • Java 99.8%
  • HTML 0.2%