Initial commit

.classpath

@@ -0,0 +1,33 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<classpath>
+	<classpathentry kind="src" output="target/test-classes" path="src/test/java">
+		<attributes>
+			<attribute name="optional" value="true"/>
+			<attribute name="maven.pomderived" value="true"/>
+		</attributes>
+	</classpathentry>
+	<classpathentry kind="src" output="target/classes" path="src/main/java">
+		<attributes>
+			<attribute name="optional" value="true"/>
+			<attribute name="maven.pomderived" value="true"/>
+		</attributes>
+	</classpathentry>
+	<classpathentry kind="con" path="org.eclipse.m2e.MAVEN2_CLASSPATH_CONTAINER">
+		<attributes>
+			<attribute name="maven.pomderived" value="true"/>
+		</attributes>
+	</classpathentry>
+	<classpathentry excluding="**" kind="src" output="target/classes" path="src/main/resources">
+		<attributes>
+			<attribute name="maven.pomderived" value="true"/>
+		</attributes>
+	</classpathentry>
+	<classpathentry excluding="**" kind="src" output="target/test-classes" path="src/test/resources">
+		<attributes>
+			<attribute name="maven.pomderived" value="true"/>
+		</attributes>
+	</classpathentry>
+	<classpathentry kind="lib" path="lib/burpsuite_free_v1.6.01.jar"/>
+	<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/java-7-openjdk"/>
+	<classpathentry kind="output" path="target/classes"/>
+</classpath>

.gitignore

@@ -0,0 +1,7 @@
+*.swp
+.settings
+*.class
+bin/
+lib/burpsuite_*.jar
+target/
+SAMLRaiderDebug.log

.project

@@ -0,0 +1,23 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<projectDescription>
+	<name>SAMLBurpPlugin</name>
+	<comment></comment>
+	<projects>
+	</projects>
+	<buildSpec>
+		<buildCommand>
+			<name>org.eclipse.jdt.core.javabuilder</name>
+			<arguments>
+			</arguments>
+		</buildCommand>
+		<buildCommand>
+			<name>org.eclipse.m2e.core.maven2Builder</name>
+			<arguments>
+			</arguments>
+		</buildCommand>
+	</buildSpec>
+	<natures>
+		<nature>org.eclipse.m2e.core.maven2Nature</nature>
+		<nature>org.eclipse.jdt.core.javanature</nature>
+	</natures>
+</projectDescription>

LICENSE

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2015 Roland Bischofberger and Emanuel Duss
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.md

@@ -0,0 +1,90 @@
+# SAML Raider - SAML2 Burp Extension
+
+## Description
+
+SAML Raider is a Burp Suite extension for testing SAML infrastructures. It
+contains two core functionalities: Manipulating SAML Messages and manage X.509
+certificates.
+
+This software was created by Roland Bischofberger and Emanuel Duss during
+a bachelor thesis at the [Hochschule für Technik
+Rapperswil](https://www.hsr.ch) (HSR). Our project partner and advisor was
+[Compass Security Schweiz AG](https://www.csnc.ch). We thank Compass for the
+nice collaboration and support during our bachelor thesis.
+
+## Features
+
+The extension is divided in two parts. A SAML message editor and a certificate
+management tool.
+
+### Message Editor
+
+Features of the SAML Raider message editor:
+
+* Sign SAML Messages
+* Sign SAML Assertions
+* Remove Signatures
+* Edit SAML Message
+* Preview eight common XSW Attacks
+* Execute eight common XSW Attacks
+* Send certificate to SAMl Raider Certificate Management
+* Undo all changes of a SAML Message
+
+![Message Editor](doc/message_editor.png)
+
+### Certificate Management
+
+Features of the SAML Raider Certificate Management:
+
+* Import X.509 certificates (PEM and DER format)
+* Import X.509 certificate chains
+* Export X.509 certificates (PEM format)
+* Delete imported X.509 certificates
+* Display informations of X.509 certificates
+* Import private keys (PKCD#8 in DER format and traditional RSA in PEM Format)
+* Export private keys (traditional RSA Key PEM Format)
+* Cloning X.509 certificates
+* Cloning X.509 certificate chains
+* Create new X.509 certificates
+* Editing and self-sign existing X.509 certificates
+
+![Certificate Management](doc/certificate_management.png)
+
+## Download
+
+
+## Installation
+
+Start the Burp Suite and click at the `Extender` tab on `Add`. Choose the SAML
+Raider JAR file to install the extension.
+
+
+## Usage
+
+To test SAML environments more comfortable, you could add a intercept rule in
+the proxy settings. Add a new rule which checks if a Parameter Name
+`SAMLResponse` is in the request. We hope the usage of our extension is mostly
+self explaining :smile:.
+
+## Build
+
+Clone the repository and build the JAR file using Maven:
+
+    $ mvn install
+
+Use the JAR file in `target/saml-raider-1.0-SNAPSHOT-jar-with-dependencies.jar`
+as a Burp extension.
+
+## Bachelor Thesis
+
+As soon as our thesis is online, we will publish the link here.
+
+## License
+
+See the [LICENSE](LICENSE) file (MIT License) for license rights and
+limitations.
+
+## Authors
+
+* Roland Bischofberger (GitHub: [RouLee](https://github.com/RouLee))
+* Emanuel Duss (GitHub: [mindfuckup](https://github.com/mindfuckup))

pom.xml

@@ -0,0 +1,78 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+	<name>SAML Raider</name>
+    <url>http://github.com/SAMLRaider/SAMLRaider</url>
+	<description>Burp Suite Plugin for testing SAML2</description>
+	<groupId>ch.hsr</groupId>
+	<artifactId>saml-raider</artifactId>
+	<version>1.0-SNAPSHOT</version>
+	<modelVersion>4.0.0</modelVersion>
+	  <properties>
+    <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+  </properties>
+	<dependencies>
+		<dependency>
+			<groupId>junit</groupId>
+			<artifactId>junit</artifactId>
+			<version>4.12</version>
+		</dependency>
+		<dependency>
+			<groupId>org.bouncycastle</groupId>
+			<artifactId>bcprov-jdk15on</artifactId>
+			<version>1.52</version>
+		</dependency>
+		<dependency>
+			<groupId>org.bouncycastle</groupId>
+			<artifactId>bcpkix-jdk15on</artifactId>
+			<version>1.52</version>
+		</dependency>
+		<dependency>
+			<groupId>com.fifesoft</groupId>
+			<artifactId>rsyntaxtextarea</artifactId>
+			<version>2.5.6</version>
+		</dependency>
+		<dependency>
+			<groupId>com.h3xstream.retirejs</groupId>
+			<artifactId>burp-api</artifactId>
+			<version>1.0.0</version>
+		</dependency>
+		<dependency>
+			<groupId>com.sun.xml.security</groupId>
+			<artifactId>xml-security-impl</artifactId>
+			<version>1.0</version>
+		</dependency>
+	</dependencies>
+	<build>
+		<plugins>
+			<plugin>
+				<artifactId>maven-compiler-plugin</artifactId>
+				<version>3.1</version>
+				<configuration>
+					<source>1.7</source>
+					<target>1.7</target>
+					<descriptorRefs>
+						<descriptorRef>jar-with-dependencies</descriptorRef>
+					</descriptorRefs>
+				</configuration>
+			</plugin>
+			<plugin>
+				<artifactId>maven-assembly-plugin</artifactId>
+				<version>2.2</version>
+				<configuration>
+					<descriptorRefs>
+						<descriptorRef>jar-with-dependencies</descriptorRef>
+					</descriptorRefs>
+				</configuration>
+				<executions>
+					<execution>
+						<id>make-assembly</id>
+						<phase>package</phase>
+						<goals>
+							<goal>single</goal>
+						</goals>
+					</execution>
+				</executions>
+			</plugin>
+		</plugins>
+	</build>
+</project>