SAMLRaider
SAMLRaider copied to clipboard
CompassSecurity
SAML2 Burp Extension
I'm facing the issue using SAMLRaider v1.4.1 with Burp Suite Professional v2022.3.9 The plugin doesn't work with signatures. I cannot import signatures, for example. Button "Send Certificate to SAML Raider...
Hey, sorry for the bad title Essentially, the strings provided by Burp's deocder (after url and Base64 decoding) and Raider are different in that the raider XML parser has attempted...
What if my target application is sending the SAML assertions base64 encoded? The SAML Raider tab is not appearing, so I'm not able to modify any SAML assertion. Any idea...
I am trying XSW1 but the signature is turning out to be invalid after the transformation. Turns out the SAML Raider is losing whitespace, and so the canonicalized output is...
The SAMLRaider request editor had the string "" when intercepting some WSS SAML requests. The stack trace was a RuntimeException: "com.sun.org.apache.xerces.internal.dom.DeferredTextImpl cannot be cast to org.w3c.dom.Element". I narrowed this down...
When the `SAMLResponse` parameter for example is invalid (e.g. SAMLResponse=x), clicking on the SAML Raider tab freezes Burp and I need to close it and re-open it.
Recently, I have encountered a couple of SAML implementations where the service provider does not accept the output generated by SAMLRaider. I have tested this by making a change in...
I am working with an implementation that does not deflate before base64 encoding. It seems SAML raider does this as default, because of this it is causing all my requests...
Hi, Can SAML requests embedded within JSON be detected? I could also take a stab at it but where should I begin? Excellent tool BTW. Thank you
