SAML Raider is a Burp Suite extension for SAML2 security testing. It has two core functions: manipulating SAML messages and managing X.509 certificates.
Accordingly, the extension is divided into two parts, a SAML message editor and a certificate management tool.
Features
Message Editor
Features of the SAML Raider message editor:
- Sign SAML Messages
- Sign SAML Assertions
- Remove Signatures
- Edit SAML Message (Supported Messages: SAMLRequest and SAMLResponse)
- Preview eight common XSW (XML Signature Wrapping) attacks
- Execute eight common XSW attacks
- Send certificate to SAML Raider Certificate Management
- Undo all changes of a SAML Message
- Supported Profiles: SAML Web Browser SSO Profile, Web Services Security SAML Token Profile
- Supported Bindings: POST Binding, Redirect Binding, SOAP Binding, URI Binding
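What the XSW entries above exercise, shown as an added example that is not part of SAML Raider or its documentation: a service provider (SP) that validates the XML signature but then reads the identity from a different element than the one the signature covers. The block builds a constructed SAML Response with one enveloped-signed Assertion, applies one wrapping pattern (an unsigned copy of the Assertion with a changed NameID inserted before the signed original, so the Reference URI still resolves), and runs it through a hypothetical naive verifier and a hardened one. Assumptions: the IdP's XML-DSig RSA signature over canonicalized XML is stood in for by an HMAC over the serialized Assertion with a demo key, so the block runs on the standard library alone; the names `naive_verify`, `strict_verify`, `xsw_wrap` and the example IDs and issuer are made up for this illustration.

```python
import copy
import hashlib
import hmac
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
DS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"saml": SAML, "samlp": SAMLP, "ds": DS}
for prefix, uri in NS.items():
    ET.register_namespace(prefix, uri)  # deterministic prefixes in serialization

# Constructed demo key. Stands in for the IdP's private key: real XML-DSig is an
# RSA signature over canonicalized XML; here it is an HMAC over the serialized
# Assertion (minus its own ds:Signature, i.e. the "enveloped" transform).
IDP_KEY = b"demo-idp-key-not-secret"


def _signed_bytes(assertion):
    """Serialize the Assertion without its enveloped ds:Signature child."""
    clone = copy.deepcopy(assertion)
    for sig in clone.findall("ds:Signature", NS):
        clone.remove(sig)
    return ET.tostring(clone, encoding="utf-8")


def _mac(data):
    return hmac.new(IDP_KEY, data, hashlib.sha256).hexdigest()


def build_signed_response(name_id):
    """Constructed minimal SAML Response with one enveloped-signed Assertion."""
    resp = ET.Element(f"{{{SAMLP}}}Response", ID="_resp1")
    ET.SubElement(resp, f"{{{SAML}}}Issuer").text = "https://idp.example"
    a = ET.SubElement(resp, f"{{{SAML}}}Assertion", ID="_assertion1")
    ET.SubElement(a, f"{{{SAML}}}Issuer").text = "https://idp.example"
    subj = ET.SubElement(a, f"{{{SAML}}}Subject")
    ET.SubElement(subj, f"{{{SAML}}}NameID").text = name_id
    # Enveloped signature: ds:Signature lives inside the element it signs and
    # its ds:Reference points back at that element by ID.
    sig = ET.Element(f"{{{DS}}}Signature")
    si = ET.SubElement(sig, f"{{{DS}}}SignedInfo")
    ET.SubElement(si, f"{{{DS}}}Reference", URI="#_assertion1")
    a.insert(1, sig)
    ET.SubElement(sig, f"{{{DS}}}SignatureValue").text = _mac(_signed_bytes(a))
    return resp


def xsw_wrap(response, evil_name_id):
    """One XML Signature Wrapping pattern: an unsigned Assertion carrying the
    attacker's NameID is placed before the original, still validly signed one,
    so the Reference URI="#_assertion1" keeps resolving to untouched bytes."""
    wrapped = copy.deepcopy(response)
    original = wrapped.find("saml:Assertion", NS)
    evil = copy.deepcopy(original)
    evil.set("ID", "_evil")
    for sig in evil.findall("ds:Signature", NS):
        evil.remove(sig)  # the wrapper carries no signature of its own
    evil.find("saml:Subject/saml:NameID", NS).text = evil_name_id
    wrapped.insert(list(wrapped).index(original), evil)
    return wrapped


def _find_by_id(root, elem_id):
    for el in root.iter():
        if el.get("ID") == elem_id:
            return el
    return None


def _signature_is_valid(root):
    """Resolve the Reference URI and check the MAC; return the signed element."""
    sig = root.find(".//ds:Signature", NS)
    if sig is None:
        return None
    ref = sig.find("ds:SignedInfo/ds:Reference", NS)
    target = _find_by_id(root, ref.get("URI", "").lstrip("#"))
    if target is None:
        return None
    expected = sig.findtext("ds:SignatureValue", namespaces=NS) or ""
    if not hmac.compare_digest(_mac(_signed_bytes(target)), expected):
        return None
    return target


def naive_verify(response):
    """Vulnerable SP logic: some signature in the document validates, then the
    identity is read from the first Assertion found. Returns NameID or None."""
    if _signature_is_valid(response) is None:
        return None
    return response.findtext("saml:Assertion/saml:Subject/saml:NameID", namespaces=NS)


def strict_verify(response):
    """Hardened SP logic: exactly one Assertion allowed, and the identity is
    taken only from the element the signature actually covers."""
    if len(response.findall(".//saml:Assertion", NS)) != 1:
        return None
    signed = _signature_is_valid(response)
    if signed is None or signed.tag != f"{{{SAML}}}Assertion":
        return None
    return signed.findtext("saml:Subject/saml:NameID", namespaces=NS)


if __name__ == "__main__":
    good = build_signed_response("alice")
    evil = xsw_wrap(good, "admin")
    print("naive :", naive_verify(good), "->", naive_verify(evil))
    print("strict:", strict_verify(good), "->", strict_verify(evil))
```

The naive verifier accepts the wrapped document and logs in "admin" although only the "alice" Assertion was ever signed; the strict verifier rejects it both because a second Assertion is present and because it would only ever return the NameID of the referenced element. SAML Raider's XSW preview lets you try the other placements (inside ds:Object, after the signature, with copied signatures) against a real SP in the same way.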
Certificate Management
Features of the SAML Raider Certificate Management:
- Import X.509 certificates (PEM and DER format)
- Import X.509 certificate chains
- Export X.509 certificates (PEM format)
- Delete imported X.509 certificates
- Display information about X.509 certificates
- Import private keys (PKCS#8 in DER format and traditional RSA in PEM format)
- Export private keys (traditional RSA key in PEM format)
- Clone X.509 certificates
- Clone X.509 certificate chains
- Create new X.509 certificates
- Edit and self-sign existing X.509 certificates
You can download SAML Raider here:
Or read more here.