SAML Attacks Not Forwarded Correctly With BurpSuite 2024.7.x #74
Comments
|
Hi @edmacke Thanks for your report. Will look at it a soon as possible. Tobias |
|
Hi @edmacke I have looked into this bug. I am afraid that this is probably not a bug in our extension, but a bug introduced by BurpSuite. I tried the sample extension code from https://github.com/PortSwigger/burp-extensions-montoya-api-examples/tree/main/customrequesteditortab and it turns out that this sample code is also prone to the same bug. The following video should demonstrate this: I have filed a bug here: |
|
In case someone reads this and didn't find the (mentioned) workaround for this bug:
|
After a recent BurpSuite upgrade, SAML Raider's attacks get applied but not forwarded.
I intercept the SAMLResponse request, and apply a SAML attack, but what gets forwarded is the original, unaltered request, not the SAMLRaider-altered version.
For example, I intercept a SAMLResponse request, and apply the SAML attack "Remove Signatures". I get the orange verification text "Message signature successful removed", and I can see that the signature has indeed been removed. I click on "Forward" to send the edited message on its way.
But what actually gets forwarded is original request. I can verify this by looking in the HTTP history and seeing that there are only 2 options for the request: "Original request" and "Auto-modified request". They are both exactly the same: the original request without the SAML attack applied. There is no "Edited request" option like you'd normally see when the SAML attack was actually sent.
Using SAML Raider 2.0.0. This behavior seems to happen with all BS 2024.7.x releases and seems to work fine with BS 2024.6.6.
Have tried all the usual: rebooting, disable/enable and re-installing SAML Raider. It looks like BurpSuite made some changes to their proxy starting with 2024.7.3 and I wonder if those changes are not SAML Raider compatible?
The text was updated successfully, but these errors were encountered: