<p>SAML Raider is a Burp Suite extension for testing SAML infrastructures. It contains two core features: a SAML message editor and an X.509 certificate manager.</p>
<p>The message editor provides the following capabilities:</p>
<ul>
<li>Sign SAML messages & assertions (signature spoofing attack)</li>
<li>Remove signatures (signature exclusion attack)</li>
<li>Edit SAML messages (SAMLRequest, SAMLResponse & custom parameter names)</li>
<li>Perform eight common XSW attacks</li>
<li>Insert XXE and XSLT attack payloads</li>
<li>Supported Profiles: SAML Web Browser Single Sign-On Profile, Web Services Security SAML Token Profile</li>
<li>Supported Bindings: POST Binding, Redirect Binding, SOAP Binding, URI Binding</li>
</ul>
<p>The certificate manager provides the following capabilities:</p>
<ul>
<li>Import X.509 certificates (PEM and DER format)</li>
<li>Import X.509 certificate chains</li>
<li>Export X.509 certificates (PEM format)</li>
<li>Delete imported X.509 certificates</li>
<li>Display information about X.509 certificates</li>
<li>Import private keys (PKCS#8 in DER format and traditional RSA in PEM format)</li>
<li>Export private keys (traditional RSA key in PEM format)</li>
<li>Clone X.509 certificates</li>
<li>Clone X.509 certificate chains</li>
<li>Create new X.509 certificates</li>
<li>Edit and self-sign existing X.509 certificates</li>
</ul>