Burp Suite extension, SAML Raider, is used to test SAML infrastructures. It has two main features: managing X.509 certificates and manipulating SAML messages.
Roland Bischofberger and Emanuel Duss (@mindfuckup) developed this programme as part of their bachelor thesis at the Hochschule für Technik Rapperswil (HSR).
Features:
- Sign SAML assertions and messages
- Remove Signatures
- Perform the eight basic XSW attacks
- Edit SAML messages
- Insert XSLT and XXE attack payloads
- Supported Bindings: Redirect Binding, POST Binding, URI Binding, SOAP Binding
- Supported Profiles: Web Services Security SAML Token Profile, SAML Webbrowser Single Sign-on Profile
The intended use for the tool is strictly educational and should not be used for any other purpose.
Download Link: https://github.com/CompassSecurity/SAMLRaider