Burp Suite User Forum

Problem with burp extension to automate security checks of single sign-on

Tom | Last updated: Jun 13, 2018 01:00PM UTC

Hello, I'm currently trying to develop (jython) extension to automate some work with single sign-on protocols (like oauth, saml etc.). The main idea how it would work is: - Check requests if it's an sso request - Determine which one it is - Perform some passive checks - Perform active checks which would lead to start a new chain of authorization with protocol and perform some attacks (f.e. XSW for SAML). As for passive checks I do not have a problems with them (using baseRequestResponse at the doPassiveScan function mostly), I can't really think of the hooks (looking at documentation) that I can use to perform the active checks that will work as in my idea. I will be glad if you will show me the way a bit in that case Regards, Tom

PortSwigger Agent | Last updated: Jun 13, 2018 04:48PM UTC

Hi Tom, That sounds like an interesting extension. There are some SSO extensions in the BApp Store already; it would be interesting to consult them. I expect you've already discovered the IScannerCheck interface and that you can override doActiveScan. You should perform your active checks within that method. You can use callbacks.makeHttpRequest to issue a request, which will go through Burp's network stack, including session handling rules. If there any specific issue you're having doing that?

You need to Log in to post a reply. Or register here, for free.