SAMLRaider
SAML2 Burp Extension
It's not possible to clone the certificate if the serial number of the certificate is negative.
Implement https://github.com/pwntester/DupeKeyInjector in SAMLRaider, so only one tool is needed for testing SAML.
The popular SAML library SimpleSAMLphp had an auth bypass vuln in Nov 2019 [here](https://simplesamlphp.org/security/201911-01). This is a novel XSW attack that could be added into SAMLRaider functionality. I was able...
In real-world cases, the SAMLResponse is often only valid for 10 seconds or similar. It would be nice to have a way to use the XSW attacks in an automated...
I haven't found a pattern yet, but the "Parsed & Prettified" XML section of the "SAML Message Info" tab will be blank. It doesn't appear to be anything wrong with...
Add new XSW10 attack. This can e.g. be used to exploit CVE-2021-28091 (https://git.entrouvert.org/lasso.git/tree/NEWS?id=v2.7.0): ``` 2.7.0 - June 1st 2021 ---------------------- 36 commits, 45 files changed, 1945 insertions, 177 deletions *...
I think the format of the certificate is right. When I selected the certificate and clicked `Send Certificate to SAML Raider Certificates`, an error appeared
Using v1.4.1 of SAMLRaider in Burp Suite Pro v2023.5.2 (although the bug has shown up in versions before 2023.5.2, as well). When the SAMLRaider extension is enabled and the proxy...
Bumps org.apache.santuario:xmlsec from 2.1.7 to 2.2.6. Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a...
Hi all. In the current state of the awesome SAMLRaider, it is not possible to remove signatures from an AuthnRequest, but it is not possible to re-sign them with a...