Commit
0 parents
commit 9ed34d3
Showing
70 changed files
with
10,860 additions
and
0 deletions.
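--- /dev/null
+++ b/[path not shown - Eclipse .classpath]
@@ -0,0 +1,33 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<classpath>
+<classpathentry kind="src" output="target/test-classes" path="src/test/java">
+<attributes>
+<attribute name="optional" value="true"/>
+<attribute name="maven.pomderived" value="true"/>
+</attributes>
+</classpathentry>
+<classpathentry kind="src" output="target/classes" path="src/main/java">
+<attributes>
+<attribute name="optional" value="true"/>
+<attribute name="maven.pomderived" value="true"/>
+</attributes>
+</classpathentry>
+<classpathentry kind="con" path="org.eclipse.m2e.MAVEN2_CLASSPATH_CONTAINER">
+<attributes>
+<attribute name="maven.pomderived" value="true"/>
+</attributes>
+</classpathentry>
+<classpathentry excluding="**" kind="src" output="target/classes" path="src/main/resources">
+<attributes>
+<attribute name="maven.pomderived" value="true"/>
+</attributes>
+</classpathentry>
+<classpathentry excluding="**" kind="src" output="target/test-classes" path="src/test/resources">
+<attributes>
+<attribute name="maven.pomderived" value="true"/>
+</attributes>
+</classpathentry>
+<classpathentry kind="lib" path="lib/burpsuite_free_v1.6.01.jar"/>
+<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/java-7-openjdk"/>
+<classpathentry kind="output" path="target/classes"/>
+</classpath>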
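Review bot: The `kind="lib"` entry `lib/burpsuite_free_v1.6.01.jar` near the end of this file points at a jar that the .gitignore added in the same commit excludes (`lib/burpsuite_*.jar`), so an Eclipse import of a fresh clone ends up with a missing archive on the build path. The pom.xml in this commit resolves the Burp API from Maven (`com.h3xstream.retirejs:burp-api`) through the m2e container, so the manual entry looks redundant and could be dropped; if it is still needed, the README should state where the jar has to be placed. The JRE entry is also pinned to one workstation's VM name (`.../StandardVMType/java-7-openjdk`), which will not resolve on another machine; the generic `org.eclipse.jdt.launching.JRE_CONTAINER` path is portable. Since the file carries `maven.pomderived="true"` attributes it is presumably m2e-managed, so the cleanest fix may be to regenerate it rather than hand-edit.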
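--- /dev/null
+++ b/[path not shown - .gitignore]
@@ -0,0 +1,7 @@
+*.swp
+.settings
+*.class
+bin/
+lib/burpsuite_*.jar
+target/
+SAMLRaiderDebug.log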
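--- /dev/null
+++ b/[path not shown - Eclipse .project]
@@ -0,0 +1,23 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<projectDescription>
+<name>SAMLBurpPlugin</name>
+<comment></comment>
+<projects>
+</projects>
+<buildSpec>
+<buildCommand>
+<name>org.eclipse.jdt.core.javabuilder</name>
+<arguments>
+</arguments>
+</buildCommand>
+<buildCommand>
+<name>org.eclipse.m2e.core.maven2Builder</name>
+<arguments>
+</arguments>
+</buildCommand>
+</buildSpec>
+<natures>
+<nature>org.eclipse.m2e.core.maven2Nature</nature>
+<nature>org.eclipse.jdt.core.javanature</nature>
+</natures>
+</projectDescription>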
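--- /dev/null
+++ b/[path not shown - LICENSE]
@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2015 Roland Bischofberger and Emanuel Duss
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.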
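--- /dev/null
+++ b/[path not shown - README]
@@ -0,0 +1,90 @@
+# SAML Raider - SAML2 Burp Extension
+
+## Description
+
+SAML Raider is a Burp Suite extension for testing SAML infrastructures. It
+contains two core functionalities: Manipulating SAML Messages and manage X.509
+certificates.
+
+This software was created by Roland Bischofberger and Emanuel Duss during
+a bachelor thesis at the [Hochschule für Technik
+Rapperswil](https://www.hsr.ch) (HSR). Our project partner and advisor was
+[Compass Security Schweiz AG](https://www.csnc.ch). We thank Compass for the
+nice collaboration and support during our bachelor thesis.
+
+## Features
+
+The extension is divided in two parts. A SAML message editor and a certificate
+management tool.
+
+### Message Editor
+
+Features of the SAML Raider message editor:
+
+* Sign SAML Messages
+* Sign SAML Assertions
+* Remove Signatures
+* Edit SAML Message
+* Preview eight common XSW Attacks
+* Execute eight common XSW Attacks
+* Send certificate to SAMl Raider Certificate Management
+* Undo all changes of a SAML Message
+
+![Message Editor](doc/message_editor.png)
+
+### Certificate Management
+
+Features of the SAML Raider Certificate Management:
+
+* Import X.509 certificates (PEM and DER format)
+* Import X.509 certificate chains
+* Export X.509 certificates (PEM format)
+* Delete imported X.509 certificates
+* Display informations of X.509 certificates
+* Import private keys (PKCD#8 in DER format and traditional RSA in PEM Format)
+* Export private keys (traditional RSA Key PEM Format)
+* Cloning X.509 certificates
+* Cloning X.509 certificate chains
+* Create new X.509 certificates
+* Editing and self-sign existing X.509 certificates
+
+![Certificate Management](doc/certificate_management.png)
+
+## Download
+
+
+## Installation
+
+Start the Burp Suite and click at the `Extender` tab on `Add`. Choose the SAML
+Raider JAR file to install the extension.
+
+
+## Usage
+
+To test SAML environments more comfortable, you could add a intercept rule in
+the proxy settings. Add a new rule which checks if a Parameter Name
+`SAMLResponse` is in the request. We hope the usage of our extension is mostly
+self explaining :smile:.
+
+## Build
+
+Clone the repository and build the JAR file using Maven:
+
+$ mvn install
+
+Use the JAR file in `target/saml-raider-1.0-SNAPSHOT-jar-with-dependencies.jar`
+as a Burp extension.
+
+## Bachelor Thesis
+
+As soon as our thesis is online, we will publish the link here.
+
+## License
+
+See the [LICENSE](LICENSE) file (MIT License) for license rights and
+limitations.
+
+## Authors
+
+* Roland Bischofberger (GitHub: [RouLee](https://github.com/RouLee))
+* Emanuel Duss (GitHub: [mindfuckup](https://github.com/mindfuckup))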
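--- /dev/null
+++ b/[path not shown - Maven pom.xml]
@@ -0,0 +1,78 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+<name>SAML Raider</name>
+<url>http://github.com/SAMLRaider/SAMLRaider</url>
+<description>Burp Suite Plugin for testing SAML2</description>
+<groupId>ch.hsr</groupId>
+<artifactId>saml-raider</artifactId>
+<version>1.0-SNAPSHOT</version>
+<modelVersion>4.0.0</modelVersion>
+<properties>
+<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+</properties>
+<dependencies>
+<dependency>
+<groupId>junit</groupId>
+<artifactId>junit</artifactId>
+<version>4.12</version>
+</dependency>
+<dependency>
+<groupId>org.bouncycastle</groupId>
+<artifactId>bcprov-jdk15on</artifactId>
+<version>1.52</version>
+</dependency>
+<dependency>
+<groupId>org.bouncycastle</groupId>
+<artifactId>bcpkix-jdk15on</artifactId>
+<version>1.52</version>
+</dependency>
+<dependency>
+<groupId>com.fifesoft</groupId>
+<artifactId>rsyntaxtextarea</artifactId>
+<version>2.5.6</version>
+</dependency>
+<dependency>
+<groupId>com.h3xstream.retirejs</groupId>
+<artifactId>burp-api</artifactId>
+<version>1.0.0</version>
+</dependency>
+<dependency>
+<groupId>com.sun.xml.security</groupId>
+<artifactId>xml-security-impl</artifactId>
+<version>1.0</version>
+</dependency>
+</dependencies>
+<build>
+<plugins>
+<plugin>
+<artifactId>maven-compiler-plugin</artifactId>
+<version>3.1</version>
+<configuration>
+<source>1.7</source>
+<target>1.7</target>
+<descriptorRefs>
+<descriptorRef>jar-with-dependencies</descriptorRef>
+</descriptorRefs>
+</configuration>
+</plugin>
+<plugin>
+<artifactId>maven-assembly-plugin</artifactId>
+<version>2.2</version>
+<configuration>
+<descriptorRefs>
+<descriptorRef>jar-with-dependencies</descriptorRef>
+</descriptorRefs>
+</configuration>
+<executions>
+<execution>
+<id>make-assembly</id>
+<phase>package</phase>
+<goals>
+<goal>single</goal>
+</goals>
+</execution>
+</executions>
+</plugin>
+</plugins>
+</build>
+</project>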
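Review bot: The `<descriptorRefs>` / `<descriptorRef>jar-with-dependencies</descriptorRef>` block inside the `maven-compiler-plugin` `<configuration>` is an assembly-plugin parameter, not a compiler one, so Maven ignores it there; the same block already sits in the `maven-assembly-plugin` configuration below, where it belongs, so the three lines in the compiler configuration should be removed to avoid a misleading duplicate. The `junit` dependency has no `<scope>test</scope>`, so with the `jar-with-dependencies` assembly it is bundled into the extension jar that users load into Burp; adding the test scope keeps it out. Since the Bouncy Castle and `xml-security-impl` artifacts are the libraries doing the certificate and XML-signature work the README describes, a short comment next to those dependencies noting that their versions are pinned deliberately and need to be tracked for updates would help the next maintainer, e.g. `<!-- crypto/XML-signature libraries: keep pinned, review for updates before each release -->`.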