Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/dogangcr/vulnerable-sso
vulnerable single sign on
https://github.com/dogangcr/vulnerable-sso
Last synced: about 1 month ago
JSON representation
vulnerable single sign on
- Host: GitHub
- URL: https://github.com/dogangcr/vulnerable-sso
- Owner: dogangcr
- Created: 2019-09-10T15:03:35.000Z (over 5 years ago)
- Default Branch: master
- Last Pushed: 2024-08-01T21:09:12.000Z (4 months ago)
- Last Synced: 2024-08-03T02:02:57.604Z (4 months ago)
- Language: Java
- Size: 172 KB
- Stars: 143
- Watchers: 6
- Forks: 30
- Open Issues: 2
-
Metadata Files:
- Readme: ReadMe.md
Awesome Lists containing this project
- awesome-vulnerable-apps - vulnerable-sso - vulnerable single sign on (SSO - Single Sign On)
README
**Single Sign On**
Single sign on contains OAuth, Saml, Open ID Connect.
OAuth is used by many companies for authorization and authentication purposes. Some of the applications don’t implement OAuth specifications correctly.![UsageOfOauth](images/UsageOfOauth.png)
**OAuth 2.0 Authorization Code Flow**
In the below uml diagram, authorization code flow is drew.
![OauthFlow](images/auht_code.png)**Vulnerable SSO Project**
Vulnerable SSo is focused on single sign on related vulnerabilities.
If you want to learn, you should check this and contribute this project.VulnSSO tool is focused on sso attacks. Nowadays most of the company uses their own implementation for sso solutions. Some of the bug hunters found really good vulnerability on the big company.
There are some tools(dvwa and others .. ) that contains vulnerability. They don't have any support for sso vulnerability.Our focus is only sso related bugs. VulnSSO is training tool.It will contain redirect uri vulnerability , XXE on saml request and many others.
Vuln SSO project has three app.
- Client App
- Authentication Server
- Resource Server**Client App**
This application is used for starting point. It redirects user to authentication server.If end user enters right credentials authentication server redirect user to client app again.
**Authentication Server**
Authentication app is main point of this project.It has login page. This page contains user and password field. Redirected user enters credentials and authentication server checks it.
Spring security has static inmemory feature. This feature accept hardcoded username and password. For this reason there is no database integration in this project.**Resource Server**
This part main page of application for authenticated users. After authentication process, user will redirect this page.
In this below image, common vulnerabilities are explained.
![OauthFlow](images/oauth%20vulnerability%20uml.png)
**Incoming Vulnerability**
- CSRF for state paratemeter
- XSS For SPA Application
- CSRF for token storage issue on SPA side. Leakage of same site cookie ,X-CSRF token**Related Bug Bounty**
- [Facebook](http://blog.intothesymmetry.com/2014/04/oauth-2-how-i-have-hacked-facebook.html)
- [Periscope](https://hackerone.com/reports/110293)
- [Periscope](https://hackerone.com/reports/215381)**References**
- [Baeldung](https://www.baeldung.com/sso-spring-security-oauth2)
- [OAuth RFC](https://tools.ietf.org/html/rfc6749)