The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

How do I forge a SAML response with Burp + SAML Raider?

Martin | Last updated: Jan 24, 2020 10:23AM UTC

Hello! Not sure if this topic should be placed here or under the Burp Extender. I work as an IT consultant for a company; regarding security, they only want to fix a security hole if we can prove it's breachable. The company I work for is using an ASP.NET web application with SAML 2.0 SSO, and the IdP is Azure. I've checked the metadata for the site and it does not require a signed AuthnRequest or Assertion. I'm wondering how to use Burp with the proxy in order to edit the SAML response to impersonate somebody else and log in as their user? I've tried and managed to intercept the SAML response after signing into the IdP, and I'm able to edit the response and forward it to the SP, but I'm not getting it to work, as I still get signed in on my own account. Does anybody here know if I have to edit all the attributes sent from Azure, or just the NameID? Is there some guide that explains how to do this with Burp + SAML Raider?

Ben, PortSwigger Agent | Last updated: Jan 24, 2020 02:42PM UTC