In this post we present the new version of the Burp Suite extension EsPReSSO - Extension for Processing and Recognition of Single Sign-On Protocols. We implemented a DTD attacker for SAML services, based on the DTD Cheat Sheet by the Chair for Network and Data Security (https://web-in-security.blogspot.de/2016/03/xxe-cheat-sheet.html). In addition, many fixes were added and a new SAML editor was merged. You can find the newest release here: https://github.com/RUB-NDS/BurpSSOExtension/releases/tag/v3.1
New SAML editor
Before the new release, EsPReSSO had a simple SAML editor in which the user could modify decoded SAML messages. We extended the SAML editor so that the user can define the encoding of the SAML message and select its HTTP binding (HTTP-GET or HTTP-POST).
[Figure: Redesigned SAML Encoder/Decoder]
Enhancement of the SAML attacker
XML Signature Wrapping and XML Signature Faking attacks were already part of the previous EsPReSSO version. Now the user can also perform DTD attacks! The user can select from 18 different attack vectors and manually refine each of them before applying the change to the original message. Additional attack vectors can be added by extending the XML config file of the DTD attacker. The DTD attacker can also be started in a fully automated mode. This functionality is integrated into the Burp Suite Intruder.
[Figure: DTD Attacker for SAML messages]
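The two bindings the editor handles, and the check that makes a SAML endpoint immune to DTD-based vectors, shown as an added example (not EsPReSSO code and not from the original post). The function names and sample messages are constructed for illustration; the SAML specification calls the GET variant the HTTP-Redirect binding.

```python
import base64
import zlib
from urllib.parse import quote, unquote
from xml.parsers import expat

# Constructed sample messages; not taken from the post or from EsPReSSO.
SAMPLE = (b'<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"'
          b' ID="_constructed1" Version="2.0"/>')
SAMPLE_WITH_DTD = b'<!DOCTYPE samlp:AuthnRequest [<!ENTITY e "constructed">]>' + SAMPLE

def encode_saml(xml: bytes, binding: str) -> str:
    """Encode a message as it travels in the HTTP-POST or HTTP-GET binding."""
    if binding == "POST":
        return base64.b64encode(xml).decode("ascii")
    if binding == "GET":
        # Raw DEFLATE (wbits=-15, no zlib header), then Base64, then URL-encoding.
        comp = zlib.compressobj(9, zlib.DEFLATED, -15)
        deflated = comp.compress(xml) + comp.flush()
        return quote(base64.b64encode(deflated).decode("ascii"), safe="")
    raise ValueError(f"unknown binding: {binding}")

def decode_saml(value: str, binding: str, max_size: int = 1 << 20) -> bytes:
    """Reverse encode_saml; cap the inflated size so a tiny input cannot balloon."""
    if binding == "POST":
        return base64.b64decode(value, validate=True)
    if binding == "GET":
        inflater = zlib.decompressobj(-15)
        xml = inflater.decompress(base64.b64decode(unquote(value), validate=True), max_size)
        if not inflater.eof:  # truncated stream or output larger than max_size
            raise ValueError("inflated SAML message is incomplete or too large")
        return xml
    raise ValueError(f"unknown binding: {binding}")

def reject_dtd(xml: bytes) -> None:
    """Raise ValueError as soon as the parser reaches a DOCTYPE declaration."""
    def on_doctype(name, system_id, public_id, has_internal_subset):
        raise ValueError("DOCTYPE declarations are not allowed in SAML messages")
    parser = expat.ParserCreate()
    parser.StartDoctypeDeclHandler = on_doctype
    parser.Parse(xml, True)

def accept_saml(value: str, binding: str) -> bytes:
    """Service-provider side: decode, then refuse any message that carries a DTD."""
    xml = decode_saml(value, binding)
    reject_dtd(xml)
    return xml
```

Running `reject_dtd` before the message reaches the real SAML parser keeps DTD processing out of the picture regardless of how that parser is configured.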
Supporting further attacks
We implemented a CertificateViewer which extracts and decodes the certificates contained within the SAML tokens. In addition, a user interface for executing a SignatureExclusion attack on SAML has been implemented. Additional functions will follow in later versions.
Currently we are working on XML Encryption attacks.
This is joint work by Nurullah Erinola, Nils Engelbertz, David Herring, Juraj Somorovsky, and Vladislav Mladenov.
The research was supported by the European Commission through the FutureTrust project (grant 700542-Future-Trust-H2020-DS-2015-1).