SAMLRaider
XML Document parser messes up the document
Hey, sorry for the bad title. Essentially, the strings provided by Burp's decoder (after URL and Base64 decoding) and Raider are different in that the Raider XML parser has attempted to "fix" the document and has added elements such as
<?xml version="1.0" encoding="UTF-8"?>
Also, it has rearranged the document's elements or the attributes of the elements. That makes Raider fail to produce an acceptable request if the server implements schema validation or just expects its own version of the XML document.
Here's also a test that will fail on the latest master branch:
    @Test
    public void testXmlLoadsCorrectly() throws IOException, SAXException, ParserConfigurationException, TransformerException {
        // Round-trip the message through the parser and serializer, then compare with the original.
        String msg = messageSimpleSAMLphpWithSig;
        Document document = xmlHelpers.getXMLDocumentOfSAMLMessage(msg);
        String docString = xmlHelpers.getString(document);
        assertTrue(docString.trim().replaceAll("\\s+", "").equalsIgnoreCase(msg));
    }
The problem is with Ipsilon and FreeIPA.
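
A stand-alone round-trip check in the spirit of the test above, added here as an example and not part of the original issue or of SAMLRaider's code: it parses a message with the JDK's default DOM parser, re-serializes it with and without `OutputKeys.OMIT_XML_DECLARATION`, and reports where the output first diverges from the input. The class name `RoundTripCheck`, the helpers `roundTrip` and `firstDiff`, and the sample message are assumptions made for illustration.

```java
import java.io.StringReader;
import java.io.StringWriter;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.OutputKeys;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.w3c.dom.Document;
import org.xml.sax.InputSource;

public class RoundTripCheck { // hypothetical class, not SAMLRaider code
    // Parse and re-serialize with the JDK's default DOM parser and Transformer.
    static String roundTrip(String xml, boolean omitDeclaration) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        // SAML messages are untrusted input: refuse DOCTYPEs while parsing.
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = dbf.newDocumentBuilder().parse(new InputSource(new StringReader(xml)));
        Transformer t = TransformerFactory.newInstance().newTransformer();
        t.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, omitDeclaration ? "yes" : "no");
        StringWriter out = new StringWriter();
        t.transform(new DOMSource(doc), new StreamResult(out));
        return out.toString();
    }

    // Index of the first differing character, or -1 when the strings are identical.
    static int firstDiff(String a, String b) {
        int n = Math.min(a.length(), b.length());
        for (int i = 0; i < n; i++)
            if (a.charAt(i) != b.charAt(i)) return i;
        return a.length() == b.length() ? -1 : n;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample message, not taken from the issue.
        String msg = "<samlp:Response xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\""
                + " Version=\"2.0\" ID=\"_constructed\"><samlp:Status></samlp:Status></samlp:Response>";
        for (boolean omit : new boolean[] {false, true}) {
            String out = roundTrip(msg, omit);
            int at = firstDiff(msg, out);
            System.out.println("omitDeclaration=" + omit + " identical=" + (at < 0));
            if (at >= 0) {
                System.out.println("  input : " + msg.substring(at, Math.min(msg.length(), at + 60)));
                System.out.println("  output: " + out.substring(at, Math.min(out.length(), at + 60)));
            }
        }
    }
}
```

Running it against a real captured message instead of the constructed one shows which byte-level changes a parse-and-serialize cycle introduces before the request is sent on.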