Releases: CompassSecurity/SAMLRaider

Pre-Release v2.0.3-rc1

19 Sep 09:11

Full Changelog: v2.0.2...v2.0.3-rc1

v2.0.2

13 Sep 13:06
13d08c1

What's Changed

  • Fixes CertificateTree breaks theming by @t-hg in #76

Full Changelog: v2.0.1...v2.0.2

Release v2.0.1

11 Sep 07:13
fcec0fc

Release v2.0.0

25 Jun 10:47

This release was focused on:

  • Improve Developer Experience
    • Migration to Montoya API
    • Migration to Gradle
    • Migration to JUnit 5 (Jupiter)
    • Live Testing Tab
  • Improve User Experience
    • Cleaner UI for Certificate Tab
  • Bug fixes

What's Changed

  • Streamlining the build process by @t-hg in #70
  • Thort/samlraider v2 by @t-hg in #72

New Contributors

  • @t-hg made their first contribution in #70

Full Changelog: v1.4.1...v2.0.0

Release v1.4.1

12 May 06:52

This is a bugfix release that makes SAML Raider work again in the latest Java version.

Bugfixes:

  • Broken "Sign Assertion" / "Sign Message" feature in latest Java version (issue: #60 and #42, fix: ae47ed2)
  • Broken "Send certificates to SAML Raider Certificates" in latest Java version (mentioned in issue #42, fix: 1b117f0)
  • Problems with newlines in URL encoded messages (PR: #57)

Thanks @edmacke for testing the new version and @antoinet for your PR.

In addition, some libraries were updated to the latest version:

  • bcprov-jdk15on from 1.52 to 1.67 (PR: #55)
  • xmlsec from 2.1.4 to 2.1.7 (PR: #56)
  • xercesImpl from 2.12.0 to 2.12.2 (PR: #58)

Release v1.4.0

11 Feb 14:01

This release contains:

  • UI refresh (button reordering; message information is now shown in another tab to save some space, especially in repeater mode)
  • Introduction of a new raw mode which prevents SAML Raider from parsing the XML before sending it to the server (useful for XXE attacks)

Bugfixes:

  • XSW9 was removed from the menu because it did not work

Release 1.3.0

15 Jan 20:27

First release in 2021 which contains new features:

  • XSW match/replace function for faster XSW attacks
  • XSW9 Attack (SimpleSAMLphp Nov2019 Auth Bypass)
  • Buttons to directly apply XXE and XSLT attacks (note: XXE still does not work correctly, see #22)
  • Use Burp Suite text editor (introduces search functionality again)
  • Parameter names of the SAML request and responses can now be configured in the certificate tab

Bug fixes:

  • Bug fix in XSW1 and XSW2

Thanks a lot @simioni87 for your awesome contribution (#49)!

Happy SAML hacking 🤘

Release v1.2.5

01 Jul 16:10

I forgot to include the updates from the PortSwigger repository. This fixes the extension so that it works with OpenJDK 11.

Release v1.2.4

01 Jul 15:44

This is a bugfix release.

This release fixes the following issues:

  • XMLHelpers: fix signElement used by signMessage in cases where the XML doc is beautified. PR #41
  • Bumps xmlsec from 2.1.2 to 2.1.4. PR #43

Thanks @cnotin for your PR!

Release v1.2.3

01 Apr 16:39

This is a bugfix release.

This release fixes the following issues:

  • #35 (SAML messages were not editable in newer Java versions)
  • #14 (Unnecessary console output)

Note:

  • Because the RSyntaxTextArea was replaced with a normal Java Swing JTextArea, no syntax highlighting or text search is available anymore.

Enjoy your SAML testing 🤘