SAMLRaider

SAML Raider is a Burp Suite extension for testing SAML infrastructures. It has two main features: managing X.509 certificates and manipulating SAML messages.

Roland Bischofberger and Emanuel Duss (@mindfuckup) developed this programme as part of their bachelor thesis at the Hochschule für Technik Rapperswil (HSR).

Features:

  • Sign SAML assertions and messages
  • Remove signatures
  • Perform the eight basic XSW attacks
  • Edit SAML messages
  • Insert XSLT and XXE attack payloads
  • Supported bindings: Redirect Binding, POST Binding, URI Binding, SOAP Binding
  • Supported profiles: Web Services Security SAML Token Profile, SAML Web Browser Single Sign-On Profile

The tool is intended strictly for educational use and should not be used for any other purpose.

Download Link: https://github.com/CompassSecurity/SAMLRaider
