
Development

Burp Extension Montoya API

The Burp Extension Montoya API can be found here:

Build

Linux:

./gradlew jar

Windows:

.\gradlew.bat jar

Get the jar from build/libs/saml-raider-<version>.jar

Load the Burp Extension into Burp: Extensions → Add → select the JAR file

Then you can test the extension and rebuild it again after a change.

Tip: To reload the extension in Burp without restarting Burp, hold the Ctrl key and click the checkbox next to the extension in the Extensions tab.

Debug Mode

To enable debug mode, start Burp with the Java VM option -Dsamlraider.debug. This loads example certificates for testing. A new tab called SAML Raider Live Testing also appears, where tests can be run. See the Live Testing section for more information.

Live Testing

This extension is programmed against Burp's Montoya API. This API consists only of interfaces. Concrete implementations of those interfaces are available only at runtime, which makes it difficult to write automated tests (unit tests). See also PortSwigger/burp-extensions-montoya-api#97. To still be able to write some tests against concrete implementations, tests can be written under the livetesting package (follow the instructions in livetesting/package-info.java). In debug mode, a new tab is rendered, on which these defined tests can be executed.

Debugging

Start Burp with the Java Debug Wire Protocol (JDWP) server:

$ java -agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=5005 -jar burpsuite_community_*.jar

Attach your IDE to the debugger. In IntelliJ:

  • Run → Edit Configurations
  • New Configuration: Remote JVM Debug (apply defaults)

Attach your IDE to the running Burp process:

  • Run → Debug "Burp"

Build the extension, load the JAR into Burp, set breakpoints and start debugging.

Check out the following article for more information: https://www.netspi.com/blog/technical/web-application-penetration-testing/debugging-burp-extensions/

Test with fake SAML Response

To send a SAML Response to Burp, you can use the script samltest in the scripts/samltest directory. It sends the SAML Response from saml_response to Burp (localhost:8080) and prints out the modified response from our plugin. You have to install gawk (GNU awk) as awk and libxml2-utils for the xmllint command.
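
For reference, a minimal sketch of the same idea: an added example, not the project's samltest script. It encodes a constructed, unsigned SAML Response the way the HTTP-POST binding carries it and posts it through Burp's listener; the ACS URL, the RelayState value and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not the project's samltest script.
# PROXY is Burp's listener from the text; the ACS URL is hypothetical.
PROXY="${PROXY:-http://localhost:8080}"

# Constructed, unsigned sample Response (placeholder ID and issuer).
sample_response() {
  cat <<'EOF'
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed-response-1" Version="2.0"
    IssueInstant="2024-01-01T00:00:00Z">
  <saml:Issuer>https://idp.example.test/metadata</saml:Issuer>
</samlp:Response>
EOF
}

# HTTP-POST binding: the XML is base64-encoded (no deflate) and carried
# in the SAMLResponse form field. Strip line wraps that base64 may add.
encode_saml() {
  base64 | tr -d '\n'
}

# Reverse of encode_saml, to confirm the encoding round-trips.
decode_saml() {
  base64 -d
}

# POST the encoded Response through Burp so the extension sees it.
# curl's --data-urlencode escapes the '+', '/' and '=' in the base64 text.
send_via_burp() {
  acs_url="$1"
  curl -sS -x "$PROXY" \
    --data-urlencode "SAMLResponse=$(sample_response | encode_saml)" \
    --data-urlencode "RelayState=constructed-relay-state" \
    "$acs_url"
}

# Usage (needs Burp listening and a test endpoint you control):
#   send_via_burp "http://sp.example.test/acs"
```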