Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/RUB-NDS/BurpSSOExtension
An extension for BurpSuite that highlights SSO messages in Burp's proxy window..
https://github.com/RUB-NDS/BurpSSOExtension
Last synced: about 2 months ago
JSON representation
An extension for BurpSuite that highlights SSO messages in Burp's proxy window..
- Host: GitHub
- URL: https://github.com/RUB-NDS/BurpSSOExtension
- Owner: RUB-NDS
- License: other
- Created: 2015-05-11T08:17:45.000Z (over 9 years ago)
- Default Branch: master
- Last Pushed: 2021-04-26T17:37:43.000Z (over 3 years ago)
- Last Synced: 2024-07-30T20:33:23.915Z (about 2 months ago)
- Language: Java
- Homepage:
- Size: 2.58 MB
- Stars: 115
- Watchers: 15
- Forks: 43
- Open Issues: 8
-
Metadata Files:
- Readme: README.md
- License: license_header.txt
Awesome Lists containing this project
- awesome-burp-extensions - EsPReSSO - An extension for BurpSuite that highlights SSO messages in Burp's proxy window.. (OAuth and SSO)
README
# EsPReSSO
[](https://travis-ci.org/RUB-NDS/BurpSSOExtension)
[](https://github.com/RUB-NDS/BurpSSOExtension/releases)
## Extension for Processing and Recognition of Single Sign-On Protocols
The extension is based on the BurpSSO Extension, developed by the [Chair of Network and Data Security, Ruhr University
Bochum](http://nds.rub.de/) and the [Hackmanit GmbH](http://hackmanit.de/). The extension is part of a bachelor thesis by [Tim Guenther](https://github.com/TimGuenther) at the [Ruhr-University Bochum](http://rub.de/) in cooperation with [Context Information Security Ltd.](http://contextis.com/).
## Features
### Detecting
Supported Protocols:
- [x] SAML
- [x] OpenID
- [x] OAuth
- [x] BrowserId
- [x] OpenID Connect
- [x] Facebook Connect
- [x] Microsoft Account
### Attacking
- [x] WS-Attacker integration while intercepting SAML messages
- [x] DTD-Attacker integration while intercepting SAML messages
- [x] XML-Encryption-Attacker integration while intercepting SAML messages
### Beautifier
- [x] Syntax Highlight
- [x] Highlight SSO messages in proxy window and display the protocol type
- [x] Show all recognized SSO messages in a history tab
- [x] Context menu for 'Analyze SSO Protocol'
### Editors/Viewers
- [x] View and edit SAML
- [x] View JSON and JSON Web Token (JWT)
## Build
```bash
$ mvn clean package
```
(Please start Burp with Java 1.8)
## Installation and Usage
- Build the JAR file as described above, or download it from [releases](https://github.com/RUB-NDS/BurpSSOExtension/releases).
- Load the JAR file from the target folder into Burp's Extender. (Start Burp with Java 1.8)
- SSO messages are highlighted automatically in Burp's HTTP history (Proxy tab).
- SAML, JSON and JWT editors and viewers attached automatically.
- A SSO History, Options and Help can be found in a new tab called 'EsPReSSO'.
## Dependencies and Licences
Dependency | Licence | Access Date | Link | Copyright (c) Date, Name |
|-----------------|---------------------------------|-------------|-------------------------------------------------------------------|----------------------------------------------------------------------|
| RSyntaxTextArea | modified BSD license | 20.09.2015 | https://github.com/bobbylight/RSyntaxTextArea | 2012, Robert Futrell |
| json-simple | Apache License 2.0 | 20.09.2015 | https://code.google.com/p/json-simple/ | Unkown, Yidong Fang |
| WSAttacker | GNU General Public License v2.0 | 20.09.2015 | https://github.com/RUB-NDS/WS-Attacker/ | 2012, Christain Mainka, Andreas Falkenberg, Jurai Somorovski, et al. |
| junit | Eclipse Public License 1.0 | 12.03.2018 | https://github.com/junit-team/junit4 | Unkown, Erich Gamma and Kent Beck. |
| jutf7 | MIT license | 12.03.2018 | https://sourceforge.net/projects/jutf7/ | 2011, Jaap Beetstra |
| commons-io | Apache License 2.0 | 12.03.2018 | https://github.com/apache/commons-io | 2012, Scott Sanders, et al. |
## Tested with:
- Java 1.8.0._151
- Burp Suite 1.7.36
- Ubuntu 16.04.3 LTS, amd64
- Netbeans 8.2
- Maven 3.3.9