SAML Raider is a Burp Suite extension for testing SAML infrastructures. It has two main features: managing X.509 certificates and manipulating SAML messages.


Roland Bischofberger and Emanuel Duss (@mindfuckup) developed the tool as part of their bachelor thesis at the Hochschule für Technik Rapperswil (HSR).



Features:

  • Sign SAML assertions and messages
  • Remove signatures
  • Perform the eight basic XML Signature Wrapping (XSW) attacks
  • Edit SAML messages
  • Insert XSLT and XXE attack payloads
  • Supported bindings: Redirect Binding, POST Binding, URI Binding, SOAP Binding
  • Supported profiles: Web Services Security SAML Token Profile, SAML Web Browser Single Sign-On Profile
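The XSW attacks in the list above are the feature most worth understanding before pointing the tool at a real service provider. The following is an added example, not code from SAML Raider or its authors, that models the simplest wrapping variant: an unsigned forged assertion is placed in front of the untouched signed one. A consumer that verifies "a signature" and then reads "the first assertion" accepts the forged identity, while one that acts only on the element the verifier actually covered rejects the message. The example is a toy: an HMAC stands in for the IdP's RSA signature, plain ElementTree serialisation stands in for XML canonicalisation, and every name, ID and key below is constructed.

```python
import base64
import copy
import hashlib
import hmac
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
DS = "http://www.w3.org/2000/09/xmldsig#"
for prefix, uri in (("saml", SAML), ("samlp", SAMLP), ("ds", DS)):
    ET.register_namespace(prefix, uri)

# Constructed key: stands in for the IdP's RSA private key so the demo runs offline.
IDP_KEY = b"constructed-idp-signing-key"


def canon(el):
    """Crude stand-in for C14N plus the enveloped-signature transform:
    serialise the element without its tail and without any ds:Signature child."""
    c = copy.deepcopy(el)
    c.tail = None
    for sig in c.findall(f"{{{DS}}}Signature"):
        c.remove(sig)
    return ET.tostring(c, encoding="utf-8")


def build_assertion(assertion_id, name_id):
    a = ET.Element(f"{{{SAML}}}Assertion", ID=assertion_id)
    subject = ET.SubElement(a, f"{{{SAML}}}Subject")
    ET.SubElement(subject, f"{{{SAML}}}NameID").text = name_id
    return a


def sign_assertion(a):
    """Add an enveloped signature whose Reference points at the assertion's ID."""
    digest = hashlib.sha256(canon(a)).digest()
    sig = ET.SubElement(a, f"{{{DS}}}Signature")
    signed_info = ET.SubElement(sig, f"{{{DS}}}SignedInfo")
    ref = ET.SubElement(signed_info, f"{{{DS}}}Reference", URI="#" + a.get("ID"))
    ET.SubElement(ref, f"{{{DS}}}DigestValue").text = base64.b64encode(digest).decode()
    mac = hmac.new(IDP_KEY, canon(signed_info), hashlib.sha256).digest()
    ET.SubElement(sig, f"{{{DS}}}SignatureValue").text = base64.b64encode(mac).decode()
    return a


def verified_element(doc):
    """Verify the document's signature and return the element it actually covers,
    or None. Libraries get this step right; XSW exploits what the application
    does *after* it."""
    sig = doc.find(f".//{{{DS}}}Signature")
    if sig is None:
        return None
    signed_info = sig.find(f"{{{DS}}}SignedInfo")
    mac = base64.b64decode(sig.findtext(f"{{{DS}}}SignatureValue"))
    expected = hmac.new(IDP_KEY, canon(signed_info), hashlib.sha256).digest()
    if not hmac.compare_digest(mac, expected):
        return None
    ref = signed_info.find(f"{{{DS}}}Reference")
    ident = ref.get("URI")[1:]  # strip the leading '#'
    target = doc.find(f".//*[@ID='{ident}']")
    if target is None:
        return None
    digest = base64.b64decode(ref.findtext(f"{{{DS}}}DigestValue"))
    ok = hmac.compare_digest(digest, hashlib.sha256(canon(target)).digest())
    return target if ok else None


def vulnerable_consumer(xml_bytes):
    """Checks that *a* valid signature exists, then trusts the first Assertion found."""
    doc = ET.fromstring(xml_bytes)
    if verified_element(doc) is None:
        return None
    return doc.find(f".//{{{SAML}}}Assertion").findtext(f".//{{{SAML}}}NameID")


def hardened_consumer(xml_bytes):
    """Acts only on the element whose digest was verified, and refuses a
    response that carries any other Assertion."""
    doc = ET.fromstring(xml_bytes)
    target = verified_element(doc)
    if target is None or doc.findall(f".//{{{SAML}}}Assertion") != [target]:
        return None
    return target.findtext(f".//{{{SAML}}}NameID")


def honest_response():
    resp = ET.Element(f"{{{SAMLP}}}Response")
    resp.append(sign_assertion(build_assertion("_legit", "alice")))
    return ET.tostring(resp)


def xsw_response():
    """Wrapping: forged unsigned Assertion in front of the untouched signed one,
    so the signature and digest still verify."""
    resp = ET.fromstring(honest_response())
    resp.insert(0, build_assertion("_evil", "admin"))
    return ET.tostring(resp)


def tampered_response():
    """Editing the signed assertion itself breaks the digest and is rejected."""
    resp = ET.fromstring(honest_response())
    resp.find(f".//{{{SAML}}}NameID").text = "admin"
    return ET.tostring(resp)


if __name__ == "__main__":
    print("vulnerable, wrapped :", vulnerable_consumer(xsw_response()))
    print("hardened, wrapped   :", hardened_consumer(xsw_response()))
```

The check that matters is the last one in hardened_consumer: the application must act on the element the verifier returned, never on an element it located itself by tag name or ID. The other XSW variants the tool generates (nesting the signed assertion inside a forged one, relocating it elsewhere in the document, reusing IDs) all target consumers that perform that second, independent lookup.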


The tool is intended strictly for educational use and should not be used for any other purpose.


Download Link:
