SAML Raider – SAML2 Security Testing Burp Extension


SAML Raider is a Burp Suite extension for SAML2 security testing, it contains two core functionalities – Manipulating SAML Messages and managing X.509 certificates.

SAML Raider - SAML2 Security Testing Burp Extension

The extension is divided into two parts, a SAML message editor and a certificate management tool.


Features

Message Editor

Features of the SAML Raider message editor:

  • Sign SAML Messages
  • Sign SAML Assertions
  • Remove Signatures
  • Edit SAML Message (Supported Messages: SAMLRequest and SAMLResponse)
  • Preview eight common XSW Attacks
  • Execute eight common XSW Attacks
  • Send certificate to SAMl Raider Certificate Management
  • Undo all changes of a SAML Message
  • Supported Profiles: SAML Webbrowser Single Sign-on Profile, Web Services Security SAML Token Profile
  • Supported Bindings: POST Binding, Redirect Binding, SOAP Binding, URI Binding

Certificate Management

Features of the SAML Raider Certificate Management:

  • Import X.509 certificates (PEM and DER format)
  • Import X.509 certificate chains
  • Export X.509 certificates (PEM format)
  • Delete imported X.509 certificates
  • Display informations of X.509 certificates
  • Import private keys (PKCD#8 in DER format and traditional RSA in PEM Format)
  • Export private keys (traditional RSA Key PEM Format)
  • Cloning X.509 certificates
  • Cloning X.509 certificate chains
  • Create new X.509 certificates
  • Editing and self-sign existing X.509 certificates

You can download SAML Raider here:

saml-raider-1.2.1.jar

Or read more here.

Posted in: Hacking Tools, Networking Hacking Tools


Latest Posts:


GKE Auditor - Detect Google Kubernetes Engine Misconfigurations GKE Auditor – Detect Google Kubernetes Engine Misconfigurations
GKE Auditor is a Java-based tool to detect Google Kubernetes Engine misconfigurations, it aims to help security & dev teams streamline the configuration process
zANTI - Android Wireless Hacking Tool Free Download zANTI – Android Wireless Hacking Tool Free Download
zANTI is an Android Wireless Hacking Tool that functions as a mobile penetration testing toolkit that lets you assess the risk level of a network using mobile.
HELK - Open Source Threat Hunting Platform HELK – Open Source Threat Hunting Platform
The Hunting ELK or simply the HELK is an Open-Source Threat Hunting Platform with advanced analytics capabilities such as SQL declarative language, graphing etc
trape - OSINT Analysis Tool For People Tracking Trape – OSINT Analysis Tool For People Tracking
Trape is an OSINT analysis tool, which allows people to track and execute intelligent social engineering attacks in real-time.
Fuzzilli - JavaScript Engine Fuzzing Library Fuzzilli – JavaScript Engine Fuzzing Library
Fuzzilii is a JavaScript engine fuzzing library, it's a coverage-guided fuzzer for dynamic language interpreters based on a custom intermediate language.
OWASP APICheck - HTTP API DevSecOps Toolset OWASP APICheck – HTTP API DevSecOps Toolset
APICheck is an HTTP API DevSecOps toolset, it integrates existing tools, creates execution chains easily and is designed for integration with 3rd parties.


Comments are closed.