{"id":23196688,"url":"https://github.com/compasssecurity/samlraider","last_synced_at":"2026-02-24T08:40:16.525Z","repository":{"id":35244445,"uuid":"39504046","full_name":"CompassSecurity/SAMLRaider","owner":"CompassSecurity","description":"SAML2 Burp Extension","archived":false,"fork":false,"pushed_at":"2024-10-03T07:45:12.000Z","size":11962,"stargazers_count":401,"open_issues_count":14,"forks_count":73,"subscribers_count":22,"default_branch":"master","last_synced_at":"2024-10-13T03:01:29.487Z","etag":null,"topics":["burp","saml"],"latest_commit_sha":null,"homepage":"","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/CompassSecurity.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2015-07-22T12:09:36.000Z","updated_at":"2024-10-02T12:33:23.000Z","dependencies_parsed_at":"2024-06-10T08:38:55.792Z","dependency_job_id":"1a7d1553-9afe-4567-b7d5-927fe3d483d4","html_url":"https://github.com/CompassSecurity/SAMLRaider","commit_stats":null,"previous_names":["samlraider/samlraider"],"tags_count":19,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CompassSecurity%2FSAMLRaider","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CompassSecurity%2FSAMLRaider/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CompassSecurity%2FSAMLRaider/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CompassSecurity%2FSAMLRaider/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hos
ts/GitHub/owners/CompassSecurity","download_url":"https://codeload.github.com/CompassSecurity/SAMLRaider/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246939235,"owners_count":20857922,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["burp","saml"],"created_at":"2024-12-18T14:20:02.737Z","updated_at":"2026-01-22T10:29:15.412Z","avatar_url":"https://github.com/CompassSecurity.png","language":"Java","readme":"# SAML Raider - SAML2 Burp Extension\n\n## Description\n\nSAML Raider is a Burp Suite extension for testing SAML infrastructures. It\ncontains two core functionalities: manipulating SAML messages and managing X.509\ncertificates.\n\nThis software was originally created by Roland Bischofberger and [Emanuel\nDuss](https://github.com/emanuelduss) (@emanuelduss) during a bachelor thesis at\nthe [Hochschule für Technik Rapperswil](https://www.hsr.ch) (HSR).\n\n## Features\n\nThe extension is divided into two parts. 
A SAML message editor and a certificate\nmanagement tool.\n\n### Message Editor\n\nFeatures of the SAML Raider message editor:\n\n* Sign SAML messages \u0026 assertions (signature spoofing attack)\n* Remove signatures (signature exclusion attack)\n* Edit SAML messages (SAMLRequest, SAMLResponse \u0026 custom parameter names)\n* Perform eight common XSW attacks\n* Insert XXE and XSLT attack payloads\n* Supported Profiles: SAML Web Browser Single Sign-on Profile, Web Services\n  Security SAML Token Profile\n* Supported Bindings: POST Binding, Redirect Binding, SOAP Binding, URI Binding\n\nSAML Attacks:\n\n![SAML Attacks](doc/saml_attacks.png)\n\nSAML Message Info:\n\n![SAML Message Info](doc/saml_info.png)\n\n### Certificate Management\n\nFeatures of the SAML Raider Certificate Management:\n\n* Import X.509 certificates (PEM and DER format)\n* Import X.509 certificate chains\n* Export X.509 certificates (PEM format)\n* Delete imported X.509 certificates\n* Display information about X.509 certificates\n* Import private keys (PKCS#8 in DER format and traditional RSA in PEM format)\n* Export private keys (traditional RSA key PEM format)\n* Clone X.509 certificates\n* Clone X.509 certificate chains\n* Create new X.509 certificates\n* Edit and self-sign existing X.509 certificates\n\nCertificate Management:\n\n![Certificate Management](doc/certificates.png)\n\n## Demo\n\nSAML Signature Spoofing Demo:\n\n![SAML Signature Spoofing Demo](doc/saml_signature_spoofing_demo.gif)\n\nFusionAuth XXE Demo (CVE-2021-27736):\n\n![FusionAuth XXE Demo](doc/saml_fusionauth_xxe.gif)\n\n## Installation\n\n### Installation from BApp Store\n\nThe recommended and easiest way to install SAML Raider is using the BApp Store.\nOpen Burp and, in the `Extensions` tab, click the `BApp Store` tab. 
Select `SAML\nRaider` and hit the `Install` button to install our extension.\n\nDon't forget to rate our extension with as many stars as you like :smile:.\n\n### Manual Installation\n\nFirst, download the latest SAML Raider version:\n[saml-raider-2.5.1.jar](https://github.com/SAMLRaider/SAMLRaider/releases/download/v2.5.1/saml-raider-2.5.1.jar).\nThen start Burp Suite and, in the `Extensions` tab, click `Add`. Choose the\nSAML Raider JAR file to install it and you are ready to go.\n\n## Usage Hints\n\nTo test SAML environments more comfortably, you can add an intercept rule in\nthe proxy settings: add a new rule which checks whether a parameter named\n`SAMLResponse` is in the request. We hope the usage of our extension is mostly\nself-explanatory :smile:. If you have questions, don't hesitate to ask us!\n\nIf you have a custom parameter name for a SAML message, this can be configured\nin the SAML Raider Certificates tab.\n\nIf you don't want SAML Raider to parse your SAML message before sending it to\nthe server (e.g. when performing XXE attacks), use the raw mode.\n\n## Development\n\nSee [hacking](doc/hacking.md).\n\n## Feedback, Bugs and Feature Requests\n\nFeedback is welcome! 
Please contact us or create a new issue on GitHub.\n\n## License\n\nSee the [LICENSE](LICENSE) file (MIT License) for license rights and\nlimitations.\n\n## References\n\nSAML Raider is on the Internet :).\n\n### Bachelor Thesis\n\n- Our bachelor thesis where SAML Raider was born:\n[eprints_BA_SAML2_Burp_Plugin_SAML_Raider_eduss_rbischof.pdf](https://eprints.ost.ch/464/1/eprints_BA_SAML2_Burp_Plugin_SAML_Raider_eduss_rbischof.pdf).\n\n### General\n\n- PortSwigger Burp BApp Store: https://portswigger.net/bappstore/c61cfa893bb14db4b01775554f7b802e\n- SAML Raider in our Company Blog @CompassSecurity: https://blog.compass-security.com/tag/saml-raider/\n- Schwachstellen in SAML 2.0 Implementationen: https://www.syssec.at/en/veranstaltungen/archiv/dachsecurity2016/papers/DACH_Security_2016_Paper_12A1.pdf\n\n### SAML Hacking Tutorials\n\n- Awesome SAML Security Testing Blog Posts by @epi052:\n  - SAML Testing Methodology Basics: https://epi052.gitlab.io/notes-to-self/blog/2019-03-07-how-to-test-saml-a-methodology/\n  - SAML Testing Methodology using SAML Raider: https://epi052.gitlab.io/notes-to-self/blog/2019-03-13-how-to-test-saml-a-methodology-part-two/\n- Hack SAML Single Sign-on with Burp Suite: https://null-byte.wonderhowto.com/how-to/hack-saml-single-sign-with-burp-suite-0184405/\n- Attacking SSO: Common SAML Vulnerabilities and Ways to Find Them: https://blog.netspi.com/attacking-sso-common-saml-vulnerabilities-ways-find/\n- How to use Burp Suite to verify SAML Signature Wrapping attack: https://blog.ritvn.com/testing/2018/02/16/burp-suite-saml-signature-wrapping-attack.html\n- Vulnerabilities Related to SAML: https://varutra.com/blog/?p=1945b\n- Owning SAML: https://www.anitian.com/owning-saml/\n\n### Discovered Vulnerabilities using SAML Raider\n\n- CVE-2015-5372: nevisAuth Authentication Bypass (Signature Spoofing)\n  - Blog Post: https://blog.compass-security.com/2015/09/saml-sp-authentication-bypass-vulnerability-in-nevisauth/\n  - Advisory: 
https://www.compass-security.com/fileadmin/Datein/Research/Advisories/CVE-2015-5372_AdNovum_nevisAuth_Authentication_Bypass.txt\n- Slack SAML Authentication Bypass:\n  - Blog Post: https://blog.intothesymmetry.com/2017/10/slack-saml-authentication-bypass.html\n- CVE-2020-12676: FusionAuth Signature Exclusion Attack\n  - Advisory: https://compass-security.com/fileadmin/Research/Advisories/2020-06_CSNC-2020-002_FusionAuth_Signature_Exclusion_Attack.txt\n- CVE-2021-27736: FusionAuth SAML Library\n  - Advisory: https://www.compass-security.com/fileadmin/Research/Advisories/2021-03_CSNC-2021-004_FusionAuth_SAML_Library_XML_External_Entity.txt\n\n### Other\n\n- SANS Burp Suite Cheat Sheet recommends SAML Raider: https://www.sans.org/posters/burp-suite-cheat-sheet/\n\n## Authors\n\n* Roland Bischofberger (GitHub: [RouLee](https://github.com/RouLee))\n* Emanuel Duss (GitHub: [emanuelduss](https://github.com/emanuelduss))\n* Tobias Hort-Giess (GitHub: [t-hg](https://github.com/t-hg))\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcompasssecurity%2Fsamlraider","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcompasssecurity%2Fsamlraider","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcompasssecurity%2Fsamlraider/lists"}