Emanuel Duss

Results 26 comments of Emanuel Duss

Released https://github.com/CompassSecurity/SAMLRaider/releases/tag/v1.3.0.

The current implementation does not work. See https://github.com/CompassSecurity/SAMLRaider/pull/49#issuecomment-775958360.

Hi jcmoreno Thanks for the positive feedback! Sadly, no. SAML Raider currently can only detect SAML Messages if they are inside a GET parameter called `SAMLRequest` or `SAMLResponse` or in...

Hi yobroda There are other possibilities to create a fake certificate or clone a certificate. 1) Create a new CA and issue a new certificate. You can use the following...

Hi yobroda You can simply clone a certificate using PowerShell:

```powershell
$original = "c:\tmp\certificate.pem"
$cloned = "c:\tmp\cloned.p12"
$password = "Password-1234"
$cert_original = Get-PfxCertificate -FilePath $original
$export_password = ConvertTo-SecureString -String $password...
```

Thanks for reporting. I'll try to fix this the next time I work on the project.

Hi Thanks for your report. I'll have a look into it the next time I work on SAML Raider. Can you post the certificate as text here so I have...

Thanks for reporting. Depending on where the SAML Message is (either as a GET or a POST parameter), the output it deflates the request or not. I'll try to fix...

Thanks for your explanation. I'll look into that the next time I have time to work on the project (not sure when exactly).

Hi @pwntester I have the exact same issue for the SAML Raider Burp extension. It's not usable right now because of this. :( Does anyone know a workaround?