Burp Suite extension, SAML Raider, is used to test SAML infrastructures. It has two main features: managing X.509 certificates and manipulating SAML messages.

 

Roland Bischofberger and Emanuel Duss (@mindfuckup) developed this programme as part of their bachelor thesis at the Hochschule für Technik Rapperswil (HSR). 

 

Features:

  • Sign SAML assertions and messages
  • Remove Signatures
  • Perform the eight basic XSW attacks
  • Edit SAML messages
  • Insert XSLT and XXE attack payloads
  • Supported Bindings: Redirect Binding, POST Binding, URI Binding, SOAP Binding
  • Supported Profiles: Web Services Security SAML Token Profile, SAML Webbrowser Single Sign-on Profile

 

The intended use for the tool is strictly educational and should not be used for any other purpose.

 

Download Link: https://github.com/CompassSecurity/SAMLRaider

This site is under maintenance,
some features might not work!!!