In this post we present the new version of the Burp Suite extension EsPReSSO - Extension for Processing and Recognition of Single Sign-On Protocols. We implemented a DTD attacker for SAML services, based on the DTD Cheat Sheet by the Chair for Network and Data Security (https://web-in-security.blogspot.de/2016/03/xxe-cheat-sheet.html). In addition, many fixes were added and a new SAML editor was merged. You can find the newest release here: https://github.com/RUB-NDS/BurpSSOExtension/releases/tag/v3.1
New SAML editor
Before the new release, EsPReSSO had a simple SAML editor in which the user could modify decoded SAML messages. We extended the SAML editor so that the user can define the encoding of the SAML message and select its HTTP binding (HTTP-GET or HTTP-POST).
Figure: Redesigned SAML Encoder/Decoder
Enhancement of the SAML attacker
XML Signature Wrapping and XML Signature Faking attacks were already part of the previous EsPReSSO version. Now the user can also perform DTD attacks! The user can select from 18 different attack vectors and manually refine them all before applying the change to the original message. Additional attack vectors can also be added by extending the XML config file of the DTD attacker. The DTD attacker can also be started in a fully automated mode. This functionality is integrated in the Burp Suite Intruder.
Figure: DTD Attacker for SAML messages
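On the service side, the corresponding check is to decode the SAML parameter according to its binding and refuse any message that carries a DOCTYPE declaration. The following sketch is an added example, not code from EsPReSSO; the function names, the 1 MiB size cap and the sample messages are assumptions made for illustration.

```python
import base64
import zlib
from urllib.parse import quote, unquote
from xml.parsers import expat

MAX_XML = 1 << 20  # assumed size cap for an inflated message (1 MiB)

class DtdRejected(Exception):
    """The SAML message carries a DOCTYPE declaration."""

def decode_saml(value, binding):
    """Return the XML bytes behind a SAMLRequest/SAMLResponse parameter."""
    if binding == "HTTP-POST":              # form field: base64 only
        return base64.b64decode(value)
    if binding == "HTTP-GET":               # redirect: URL-encoded, base64, raw DEFLATE
        raw = base64.b64decode(unquote(value))
        xml = zlib.decompressobj(-15).decompress(raw, MAX_XML + 1)
        if len(xml) > MAX_XML:
            raise ValueError("inflated message exceeds size cap")
        return xml
    raise ValueError("unknown binding: " + binding)

def encode_saml(xml, binding):
    """Inverse of decode_saml, used here only to build the sample inputs."""
    if binding == "HTTP-GET":
        c = zlib.compressobj(9, zlib.DEFLATED, -15)
        return quote(base64.b64encode(c.compress(xml) + c.flush()), safe="")
    return base64.b64encode(xml).decode("ascii")

def _on_doctype(name, system_id, public_id, has_internal_subset):
    raise DtdRejected(name)                 # any DTD at all means reject

def check_saml(value, binding):
    """Decode, then parse; reject if a DOCTYPE declaration is present."""
    xml = decode_saml(value, binding)
    parser = expat.ParserCreate()
    parser.StartDoctypeDeclHandler = _on_doctype
    parser.Parse(xml, True)
    return xml

# Constructed sample messages, not captured traffic.
PLAIN = (b'<samlp:AuthnRequest xmlns:samlp='
         b'"urn:oasis:names:tc:SAML:2.0:protocol" ID="_constructed"/>')
WITH_DTD = b'<!DOCTYPE r [<!ENTITY e "constructed">]>' + PLAIN

def is_rejected(xml, binding):
    try:
        check_saml(encode_saml(xml, binding), binding)
    except DtdRejected:
        return True
    return False
```

A production parser should additionally be configured to disable DTD processing outright, so that the rejection does not depend on a single handler.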
Supporting further attacks
We implemented a CertificateViewer which extracts and decodes the certificates contained within the SAML tokens. In addition, a user interface for executing a SignatureExclusion attack on SAML has been implemented. Additional functions will follow in later versions.
Currently we are working on XML Encryption attacks.
This is joint work by Nurullah Erinola, Nils Engelbertz, David Herring, Juraj Somorovsky, and Vladislav Mladenov.
The research was supported by the European Commission through the FutureTrust project (grant 700542-Future-Trust-H2020-DS-2015-1).