Per the SAML specification, any exchanged SAML payload should be in a parameter named SAMLRequest or SAMLResponse. However, developers occasionally don't follow spec, and use a differently-named parameter. This makes attempting SAML attacks with SAMLRaider difficult.
It would be desirable to have a feature where the target parameter (or a list thereof) could be customized. That way, if an application is out-of-spec, the list of potential parameters could be modified accordingly.
Thanks for your input. I have not seen that so far but I believe you that this could be done sometimes. I'll consider that configuration option in a future release. But I can't tell you when I will work the next time on SAML Raider.
However, if you need this now, a quick fix / hack / workaround could be to use two Burp instances behind each other (one Burp instance is the upstream proxy of the other). The first will then perform a search/replace for SAMLRequest/SAMLResponse to the custom parameter name and vice-versa. I have not tried it but this should work somehow.
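As an added illustration of the search/replace stage in that workaround (example code written for this thread, not SAML Raider's own code), the following renames parameters in a form-encoded body between the spec names and an application's custom names without touching values, order or unrelated parameters such as RelayState. The custom names `saml_req` and `saml_resp` are assumed examples, not taken from the issue.

```python
from urllib.parse import parse_qsl, urlencode

# Constructed mapping of spec parameter names to the out-of-spec names an
# application might use. "saml_req" / "saml_resp" are assumed example names.
SPEC_TO_CUSTOM = {"SAMLRequest": "saml_req", "SAMLResponse": "saml_resp"}
CUSTOM_TO_SPEC = {custom: spec for spec, custom in SPEC_TO_CUSTOM.items()}


def rename_params(body: str, mapping: dict[str, str]) -> str:
    """Rename exact parameter names in an application/x-www-form-urlencoded
    body. Values (base64 SAML blobs with '+', '/' and '=' included), order and
    unrelated parameters are preserved. Matching on the decoded parameter name
    avoids rewriting a value that merely contains the string 'SAMLResponse',
    which a naive text search/replace would do."""
    pairs = parse_qsl(body, keep_blank_values=True)
    renamed = [(mapping.get(name, name), value) for name, value in pairs]
    return urlencode(renamed)


def to_spec_names(body: str) -> str:
    """Stage facing the testing tool: custom names -> SAMLRequest/SAMLResponse."""
    return rename_params(body, CUSTOM_TO_SPEC)


def to_custom_names(body: str) -> str:
    """Stage facing the application: SAMLRequest/SAMLResponse -> custom names."""
    return rename_params(body, SPEC_TO_CUSTOM)


def present_saml_params(body: str) -> set[str]:
    """Report which SAML-carrying parameter names (spec or custom) a body uses,
    e.g. to flag an endpoint that deviates from the specification."""
    known = set(SPEC_TO_CUSTOM) | set(CUSTOM_TO_SPEC)
    return {name for name, _ in parse_qsl(body, keep_blank_values=True) if name in known}
```

Because values are decoded and re-encoded, the output is byte-for-byte stable after one round trip, but a first pass may normalise encoding of characters such as '+' in the original body.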