SAML Raider is a Burp Suite extension for testing SAML infrastructures. It contains two core functionalities: manipulating SAML messages and managing X.509 certificates.

This software was created by Roland Bischofberger and Emanuel Duss during a bachelor thesis at the Hochschule für Technik Rapperswil (HSR). Our project partner and advisor was Compass Security Schweiz AG. We thank Compass for the nice collaboration and support during our bachelor thesis.
## Features

The extension is divided in two parts: a SAML message editor and a certificate management tool.

### Message Editor

Features of the SAML Raider message editor:

### Certificate Management

Features of the SAML Raider certificate management:
## Installation

### Manual Installation

Start Burp Suite, open the `Extender` tab and click `Add`. Choose the SAML Raider JAR file to install the extension.

### Installation from BApp Store

The easy way to install SAML Raider is using the BApp Store. Open Burp, go to the `Extender` tab and then to the `BApp Store` tab. Select `SAML Raider` and hit the `Install` button to install our extension.

Don't forget to rate our extension with as many stars as you like.
## Usage

To test SAML environments more comfortably, you can add an intercept rule in the proxy settings. Add a new rule which checks whether a parameter named `SAMLResponse` is present in the request. We hope the usage of our extension is mostly self-explanatory.
## Development

### Build

Clone the repository and build the JAR file using Maven:

```
$ mvn install
```

Use the JAR file in `target/saml-raider-1.0-SNAPSHOT-jar-with-dependencies.jar` as a Burp extension.
### Run SAML Raider inside Eclipse

To start the extension directly from Eclipse, import the repository into Eclipse. Note that the Eclipse Maven plugin `m2e` is required.

Place the Burp Suite JAR file into the `lib` folder and add the Burp JAR as a library in the Eclipse project (`Properties` → `Build Path` → `Libraries`).

Open the Burp JAR under `Referenced Libraries` in the Package Explorer, right-click `StartBurp.class` in the package `burp` and select `Run As...` → `Java Application` to start Burp and load the extension automatically.
### Debug Mode

To enable the debug mode, set the `DEBUG` flag in the class `Flags` in the package `helpers` to `true`. This will write all output to the `SAMLRaiderDebug.log` logfile and load example certificates for testing.
### Test with fake SAML Response

To send a SAML Response to Burp, you can use the script `samltest` in the `scripts/samltest` directory. It sends the SAML Response from `saml_response` to Burp (`localhost:8080`) and prints out the modified response from our plugin.
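The intercept rule from the Usage section and the `samltest` script both hinge on the same thing: a `SAMLResponse` form parameter whose value is a base64-encoded (HTTP-POST binding) or DEFLATE-compressed and base64-encoded (HTTP-Redirect binding) SAML message. The following Python example is added here for illustration and is not part of SAML Raider or its `samltest` script. It builds the raw POST request such a test script would push through the proxy, then does what an intercept rule plus the message editor do on the receiving side: detect the parameter, decode the message from either binding, and report the issuer, the assertions and whether the response or each assertion carries an XML signature. The SAML Response, the ACS URL `http://localhost:8080/acs` and all function names are constructed for this example.

```python
import base64
import urllib.parse
import zlib
import xml.etree.ElementTree as ET
from typing import Optional

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed sample: a minimal, unsigned SAML Response with one assertion.
# It is not a message from any real IdP and exists only to exercise the code below.
SAMPLE_RESPONSE = (
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_resp1" Version="2.0" '
    'IssueInstant="2015-01-01T00:00:00Z" Destination="http://localhost:8080/acs">'
    "<saml:Issuer>https://idp.example.test</saml:Issuer>"
    '<saml:Assertion ID="_a1" Version="2.0" IssueInstant="2015-01-01T00:00:00Z">'
    "<saml:Issuer>https://idp.example.test</saml:Issuer>"
    "<saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>"
    "</saml:Assertion></samlp:Response>"
)


def encode_post_binding(xml_text: str) -> str:
    """HTTP-POST binding: the XML is base64-encoded and carried in the SAMLResponse form field."""
    return base64.b64encode(xml_text.encode("utf-8")).decode("ascii")


def encode_redirect_binding(xml_text: str) -> str:
    """HTTP-Redirect binding: raw DEFLATE, then base64 (URL-encoding is added by the query builder)."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)  # wbits=-15: raw DEFLATE, no zlib header
    deflated = comp.compress(xml_text.encode("utf-8")) + comp.flush()
    return base64.b64encode(deflated).decode("ascii")


def decode_saml_param(value: str) -> str:
    """Recover the XML from a SAMLResponse/SAMLRequest value of either binding."""
    raw = base64.b64decode(value)
    if raw.lstrip().startswith(b"<"):  # POST binding: the payload is plain XML
        return raw.decode("utf-8")
    return zlib.decompress(raw, -15).decode("utf-8")  # Redirect binding: raw DEFLATE


def summarize(xml_text: str) -> dict:
    """Report what a tester wants to know before editing: issuer, assertions, and what is signed."""
    root = ET.fromstring(xml_text)
    issuer = root.find("saml:Issuer", NS)
    info = {
        "message": root.tag.split("}")[-1],
        "issuer": issuer.text if issuer is not None else None,
        "response_signed": root.find("ds:Signature", NS) is not None,
        "assertions": [],
    }
    for assertion in root.findall("saml:Assertion", NS):
        name_id = assertion.find("saml:Subject/saml:NameID", NS)
        info["assertions"].append({
            "id": assertion.get("ID"),
            "signed": assertion.find("ds:Signature", NS) is not None,
            "name_id": name_id.text if name_id is not None else None,
        })
    return info


def inspect_form_body(body: str) -> Optional[dict]:
    """Mirror the intercept rule: act only when a SAMLResponse/SAMLRequest parameter is present."""
    params = urllib.parse.parse_qs(body, keep_blank_values=True)
    for name in ("SAMLResponse", "SAMLRequest"):
        if name in params:
            info = summarize(decode_saml_param(params[name][0]))
            info["parameter"] = name
            return info
    return None


def build_post_request(acs_url: str, xml_text: str) -> str:
    """Assemble the raw HTTP request a samltest-style helper would send to the ACS via the proxy."""
    url = urllib.parse.urlsplit(acs_url)
    body = urllib.parse.urlencode({"SAMLResponse": encode_post_binding(xml_text)})
    return (
        f"POST {url.path or '/'} HTTP/1.1\r\n"
        f"Host: {url.netloc}\r\n"
        "Content-Type: application/x-www-form-urlencoded\r\n"
        f"Content-Length: {len(body)}\r\n\r\n{body}"
    )


if __name__ == "__main__":
    request = build_post_request("http://localhost:8080/acs", SAMPLE_RESPONSE)
    print(request)
    print(inspect_form_body(request.split("\r\n\r\n", 1)[1]))
```

The signed/unsigned flags are the ones worth looking at first in a test: a service provider that accepts the constructed, completely unsigned message above is not verifying signatures at all, and the per-assertion flag distinguishes a signed response wrapping unsigned assertions from the reverse.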