
Commit 24a3755

authored
Merge pull request #86 from CompassSecurity/thort/pr84
Thort/pr84
2 parents fed9899 + 5564b03 commit 24a3755

12 files changed

Lines changed: 309 additions & 167 deletions


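--- a/BappManifest.bmf
+++ b/BappManifest.bmf
@@ -2,12 +2,12 @@ Uuid: c61cfa893bb14db4b01775554f7b802e
 ExtensionType: 1
 Name: SAML Raider
 RepoName: saml-raider
-ScreenVersion: 2.1.1
+ScreenVersion: 2.2.0
 SerialVersion: 19
 MinPlatformVersion: 0
 ProOnly: False
 Author: Roland Bischofberger / Emanuel Duss / Tobias Hort-Giess
 ShortDescription: Provides a SAML message editor and a certificate management tool to help with testing SAML infrastructures.
-EntryPoint: build/libs/saml-raider-2.1.1.jar
+EntryPoint: build/libs/saml-raider-2.2.0.jar
 BuildCommand: ./gradlew jar
 SupportedProducts: Pro, Community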

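--- a/README.md
+++ b/README.md
@@ -79,7 +79,7 @@ Don't forget to rate our extension with as many stars you like :smile:.
 ### Manual Installation
 
 First, download the latest SAML Raider version:
-[saml-raider-2.1.1.jar](https://github.com/SAMLRaider/SAMLRaider/releases/download/v2.1.1/saml-raider-2.1.1.jar).
+[saml-raider-2.2.0.jar](https://github.com/SAMLRaider/SAMLRaider/releases/download/v2.2.0/saml-raider-2.2.0.jar).
 Then, start Burp Suite and click in the `Extensions` tab on `Add`. Choose the
 SAML Raider JAR file to install it and you are ready to go.
 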

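--- a/build.gradle
+++ b/build.gradle
@@ -2,7 +2,7 @@ plugins {
 id "java-library"
 }
 
-version = "2.1.1"
+version = "2.2.0"
 
 repositories {
 mavenCentral()
@@ -24,6 +24,7 @@ dependencies {
 implementation libs.org.apache.santuario.xmlsec
 implementation libs.xerces.xercesimpl
 
+testImplementation libs.com.formdev.flatlaf
 testImplementation libs.net.portswigger.burp.extensions.montoya.api
 testImplementation libs.org.bouncycastle.bcpkix.jdk15on
 testImplementation libs.org.junit.jupiter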

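--- a/src/main/java/application/SamlTabController.java
+++ b/src/main/java/application/SamlTabController.java
@@ -16,9 +16,14 @@
 import gui.XSWHelpWindow;
 import helpers.XMLHelpers;
 import helpers.XSWHelpers;
-import java.awt.Component;
-import java.awt.Desktop;
-import java.awt.Toolkit;
+import model.BurpCertificate;
+import org.w3c.dom.*;
+import org.xml.sax.SAXException;
+
+import javax.xml.crypto.MarshalException;
+import javax.xml.crypto.dsig.XMLSignatureException;
+import javax.xml.parsers.ParserConfigurationException;
+import java.awt.*;
 import java.awt.datatransfer.Clipboard;
 import java.awt.datatransfer.StringSelection;
 import java.io.File;
@@ -36,12 +41,6 @@
 import java.util.List;
 import java.util.Observable;
 import java.util.Observer;
-import javax.xml.crypto.MarshalException;
-import javax.xml.crypto.dsig.XMLSignatureException;
-import javax.xml.parsers.ParserConfigurationException;
-import model.BurpCertificate;
-import org.w3c.dom.*;
-import org.xml.sax.SAXException;
 
 import static java.util.Objects.requireNonNull;
 
@@ -55,7 +54,7 @@ public class SamlTabController implements ExtensionProvidedHttpRequestEditor, Ob
 public static final String XML_NOT_SUITABLE_FOR_XSLT = "This XML Message is not suitable for this particular XSLT attack";
 public static final String XML_COULD_NOT_SIGN = "Could not sign XML";
 public static final String XML_COULD_NOT_SERIALIZE = "Could not serialize XML";
-public static final String XML_NOT_WELL_FORMED = "XML isn't well formed or binding is not supported";
+public static final String XML_NOT_WELL_FORMED = "XML isn't well formed or binding is not supported.";
 public static final String XML_NOT_SUITABLE_FOR_XSW = "This XML Message is not suitable for this particular XSW, is there a signature?";
 public static final String NO_BROWSER = "Could not open diff in Browser. Path to file was copied to clipboard";
 public static final String NO_DIFF_TEMP_FILE = "Could not create diff temp file.";
@@ -72,7 +71,6 @@ public class SamlTabController implements ExtensionProvidedHttpRequestEditor, Ob
 private boolean editable;
 private XSWHelpers xswHelpers;
 private boolean isEdited = false;
-private boolean isRawMode = false;
 
 public SamlTabController(boolean editable, CertificateTabController certificateTabController) {
 this.certificateTabController = requireNonNull(certificateTabController, "certificateTabController");
@@ -104,9 +102,9 @@ public HttpRequest getRequest() {
 String soapMessage = requestResponse.response().bodyToString();
 Document soapDocument = xmlHelpers.getXMLDocumentOfSAMLMessage(soapMessage);
 Element soapBody = xmlHelpers.getSOAPBody(soapDocument);
-xmlHelpers.getString(soapDocument);
+xmlHelpers.getString(soapDocument); // Why?
 Document samlDocumentEdited = xmlHelpers.getXMLDocumentOfSAMLMessage(samlMessage);
-xmlHelpers.getString(samlDocumentEdited);
+xmlHelpers.getString(samlDocumentEdited); // Why?
 Element samlResponse = (Element) samlDocumentEdited.getFirstChild();
 soapDocument.adoptNode(samlResponse);
 Element soapFirstChildOfBody = (Element) soapBody.getFirstChild();
@@ -120,32 +118,17 @@ public HttpRequest getRequest() {
 setInfoMessageText(XML_NOT_WELL_FORMED);
 }
 } else {
-String textMessage = null;
-
-if (isRawMode) {
-textMessage = textArea.getContents().toString();
-} else {
-try {
-textMessage = xmlHelpers
-.getStringOfDocument(xmlHelpers.getXMLDocumentOfSAMLMessage(textArea.getContents().toString()), 0, true);
-} catch (IOException e) {
-setInfoMessageText(XML_COULD_NOT_SERIALIZE);
-} catch (SAXException e) {
-setInfoMessageText(XML_NOT_WELL_FORMED);
-}
-}
+String textMessage = textArea.getContents().toString();
 
 String parameterToUpdate;
-if (this.samlMessageAnalysisResult.isSAMLRequest()) {
+if (this.samlMessageAnalysisResult.isWSSMessage()) {
+parameterToUpdate = "wresult";
+} else if (this.samlMessageAnalysisResult.isSAMLRequest()) {
 parameterToUpdate = certificateTabController.getSamlRequestParameterName();
 } else {
 parameterToUpdate = certificateTabController.getSamlResponseParameterName();
 }
 
-if (this.samlMessageAnalysisResult.isWSSMessage()) {
-parameterToUpdate = "wresult";
-}
-
 HttpParameterType parameterType;
 if (request.method().equals("GET")) {
 parameterType = HttpParameterType.URL;
@@ -224,7 +207,7 @@ public void setRequestResponse(HttpRequestResponse requestResponse) {
 String soapMessage = requestResponse.response().bodyToString();
 Document document = xmlHelpers.getXMLDocumentOfSAMLMessage(soapMessage);
 Document documentSAML = xmlHelpers.getSAMLResponseOfSOAP(document);
-samlMessage = xmlHelpers.getStringOfDocument(documentSAML, 0, false);
+samlMessage = xmlHelpers.getStringOfDocument(documentSAML);
 } else if (this.samlMessageAnalysisResult.isWSSMessage()) {
 var parameterValue = requestResponse.request().parameterValue("wresult", HttpParameterType.BODY);
 var decodedSAMLMessage =
@@ -281,7 +264,8 @@ private void setInformationDisplay() {
 
 try {
 Document document = xmlHelpers.getXMLDocumentOfSAMLMessage(samlMessage);
-textEditorInformation.setContents(ByteArray.byteArray(xmlHelpers.getStringOfDocument(xmlHelpers.getXMLDocumentOfSAMLMessage(samlMessage), 2, true).getBytes()));
+String formattedDocumentWithIndentation = xmlHelpers.getStringOfDocument(xmlHelpers.getXMLDocumentOfSAMLMessage(samlMessage), 2);
+textEditorInformation.setContents(ByteArray.byteArray(formattedDocumentWithIndentation.getBytes()));
 NodeList assertions = xmlHelpers.getAssertions(document);
 if (assertions.getLength() > 0) {
 Node assertion = assertions.item(0);
@@ -321,10 +305,9 @@ public void removeSignature() {
 try {
 Document document = xmlHelpers.getXMLDocumentOfSAMLMessage(textArea.getContents().toString());
 if (xmlHelpers.removeAllSignatures(document) > 0) {
-samlMessage = xmlHelpers.getStringOfDocument(document, 2, true);
+samlMessage = xmlHelpers.getStringOfDocument(document);
 textArea.setContents(ByteArray.byteArray(samlMessage));
 isEdited = true;
-setRawMode(false);
 setInfoMessageText("Message signature successful removed");
 } else {
 setInfoMessageText("No Signatures available to remove");
@@ -339,15 +322,10 @@ public void removeSignature() {
 public void resetMessage() {
 samlMessage = orgSAMLMessage;
 textArea.setContents(ByteArray.byteArray(samlMessage));
+samlGUI.getStatusPanel().setText("");
 isEdited = false;
 }
 
-public void setRawMode(boolean rawModeEnabled) {
-isRawMode = rawModeEnabled;
-isEdited = true;
-samlGUI.getActionPanel().setRawModeEnabled(rawModeEnabled);
-}
-
 public void resignAssertion() {
 try {
 resetInfoMessageText();
@@ -363,12 +341,10 @@ public void resignAssertion() {
 String string = xmlHelpers.getString(document);
 Document doc = xmlHelpers.getXMLDocumentOfSAMLMessage(string);
 xmlHelpers.removeEmptyTags(doc);
-xmlHelpers.signAssertion(doc, signAlgorithm, digestAlgorithm, cert.getCertificate(),
-cert.getPrivateKey());
-samlMessage = xmlHelpers.getStringOfDocument(doc, 2, true);
+xmlHelpers.signAssertion(doc, signAlgorithm, digestAlgorithm, cert.getCertificate(), cert.getPrivateKey());
+samlMessage = xmlHelpers.getStringOfDocument(doc);
 textArea.setContents(ByteArray.byteArray(samlMessage));
 isEdited = true;
-setRawMode(false);
 setInfoMessageText("Assertions successfully signed");
 } else {
 setInfoMessageText("no certificate chosen to sign");
@@ -397,12 +373,10 @@ public void resignMessage() {
 String digestAlgorithm = xmlHelpers.getDigestAlgorithm(responses.item(0));
 
 xmlHelpers.removeOnlyMessageSignature(document);
-xmlHelpers.signMessage(document, signAlgorithm, digestAlgorithm, cert.getCertificate(),
-cert.getPrivateKey());
-samlMessage = xmlHelpers.getStringOfDocument(document, 2, true);
+xmlHelpers.signMessage(document, signAlgorithm, digestAlgorithm, cert.getCertificate(), cert.getPrivateKey());
+samlMessage = xmlHelpers.getStringOfDocument(document);
 textArea.setContents(ByteArray.byteArray(samlMessage));
 isEdited = true;
-setRawMode(false);
 setInfoMessageText("Message successfully signed");
 } else {
 setInfoMessageText("no certificate chosen to sign");
@@ -426,15 +400,15 @@ public void resignMessage() {
 }
 
 private void setInfoMessageText(String infoMessage) {
-samlGUI.getActionPanel().getStatusMessageLabel().setText(infoMessage);
+samlGUI.getStatusPanel().setText(infoMessage);
 }
 
 public String getInfoMessageText() {
-return samlGUI.getActionPanel().getStatusMessageLabel().getText();
+return samlGUI.getStatusPanel().getText();
 }
 
 private void resetInfoMessageText() {
-samlGUI.getActionPanel().getStatusMessageLabel().setText("");
+samlGUI.getStatusPanel().setText("");
 }
 
 private void updateCertificateList() {
@@ -464,7 +438,7 @@ public void showXSWPreview() {
 try {
 Document document = xmlHelpers.getXMLDocumentOfSAMLMessage(orgSAMLMessage);
 xswHelpers.applyXSW(samlGUI.getActionPanel().getSelectedXSW(), document);
-String after = xmlHelpers.getStringOfDocument(document, 2, true);
+String after = xmlHelpers.getStringOfDocument(document);
 String diff = xswHelpers.diffLineMode(orgSAMLMessage, after);
 
 File file = File.createTempFile("tmp", ".html", null);
@@ -504,10 +478,9 @@ public void applyXSW() {
 try {
 document = xmlHelpers.getXMLDocumentOfSAMLMessage(orgSAMLMessage);
 xswHelpers.applyXSW(samlGUI.getActionPanel().getSelectedXSW(), document);
-samlMessage = xmlHelpers.getStringOfDocument(document, 2, true);
+samlMessage = xmlHelpers.getStringOfDocument(document);
 textArea.setContents(ByteArray.byteArray(samlMessage));
 isEdited = true;
-setRawMode(false);
 setInfoMessageText(XSW_ATTACK_APPLIED);
 } catch (SAXException e) {
 setInfoMessageText(XML_NOT_WELL_FORMED);
@@ -529,7 +502,6 @@ public void applyXXE(String collabUrl) {
 }
 textArea.setContents(ByteArray.byteArray(samlMessage));
 isEdited = true;
-setRawMode(true);
 setInfoMessageText(XXE_CONTENT_APPLIED);
 }
 
@@ -571,7 +543,6 @@ public void applyXSLT(String collabUrl) {
 samlMessage = firstPart + xslt + secondPart;
 textArea.setContents(ByteArray.byteArray(samlMessage));
 isEdited = true;
-setRawMode(true);
 setInfoMessageText(XSLT_CONTENT_APPLIED);
 }
 
@@ -607,4 +578,12 @@ public void showXSWHelp() {
 public void update(Observable arg0, Object arg1) {
 updateCertificateList();
 }
+
+public String getEditorContents() {
+return this.textArea.getContents().toString();
+}
+
+public void setEditorContents(String text) {
+this.textArea.setContents(ByteArray.byteArray(text));
+}
 }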
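Review bot: `setEditorContents` in the last hunk replaces the editor text without setting `isEdited`, while every other path in this file that rewrites `textArea` after a change (`removeSignature`, `resignAssertion`, `resignMessage`, `applyXSW`, `applyXXE`, `applyXSLT`) sets `isEdited = true` straight after `textArea.setContents(...)`. If the modified-state check relies on that flag, which is not visible in these hunks, content placed through this setter could be ignored and the original message sent instead, so a test would run against the wrong payload without any error. Either add `isEdited = true;` after the `setContents` call, or give the method a Javadoc line stating that it is a test hook and does not mark the message as modified. Separately, the added line in `setInformationDisplay` still calls `getBytes()` with the platform charset; `ByteArray.byteArray(formattedDocumentWithIndentation)` would match how the other call sites in this file build the array.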
