Skip to content

pwntester/DupeKeyInjector

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

21 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Dupe Key Injector

Dupe Key Injetctor is a Burp Suite extension implementing Dupe Key Confusion, a new XML signature bypass technique presented at BSides/BlackHat/DEFCON 2019 "SSO Wars: The Token Menace" presentation.

Description

Dupe Key Confusion is a new attack to bypass XML signature verification by sending multiple key identifiers in the KeyInfo section. Vulnerable systems will use the first one to verify the XML signature and the second one to verify the trust on the signing party. This plugin applies this technique to SAML tokens by allowing to modify and then resign the SAML assertion with an arbitrary attacker-controlled key which is then send as the first element of the KeyInfo section, while the original key identifier is sent as the second key identifier.

For more details about this technique, please refer to the following materials:

Screenshot

Usage

Intercept a SAML request and use the Dupe Key Injector tab to modify the assertion and then re-sign it using one of the following techniques:

  • Re-sign with RSA key.
  • Re-sign with public certificate (only enabled when a public base64 certificate has been imported).

Build

mvn package

Authors

This plugin was developed as part of a Micro Focus Fortify research by:

Thanks

This plugin is strongly based on SAML Raider. It actually uses many of the helper methods to process SAML tokens and XML documents from this project.

License

MIT License

About

DupeKeyInjector

Resources

License

Security policy

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages