Burp Suite User Forum

SAML Raider Extension

Matthew | Last updated: Dec 20, 2021 02:51PM UTC

Not working - reports the below: <SAMLRaiderFailureInInitialization></SAMLRaiderFailureInInitialization>

Michelle, PortSwigger Agent | Last updated: Dec 20, 2021 03:59PM UTC

Thanks for your message. Are you seeing this error when you initially try and load the extension or whilst you are using it?

Justin | Last updated: Feb 08, 2022 07:23PM UTC

Sorry, not trying to spam the forum; not sure what happened there...

Michelle, PortSwigger Agent | Last updated: Feb 09, 2022 12:08PM UTC

Thanks for getting in touch. Is the issue with SAML Raider affecting all requests/responses or are you finding that some work but others don't? If it's only affecting some and has started around 2021.9 then I think this may relate to a bug we have raised with the developers. For the issues you're seeing with EsPReSSO, can you send us a few more details on that one? At what stage does the error appear? If it's easier to explain in an email you can contact us using support@portswigger.net.

Justin | Last updated: Feb 09, 2022 01:45PM UTC

For SAML Raider, it appears to be a problem with only some SAML requests/responses. If I go to a different service with a different IdP/SP, it will work. For EsPReSSO, it is basically the same problem as with SAML Raider. If I select a request containing a SAML response (in the proxy, interceptor or repeater), and activate the EsPReSSO SAML plugin via the extensions drop-down, it will fail to decode the SAML, instead throwing the error I noted above. As with SAML Raider, this seems to be only on some SAML transactions.

Michelle, PortSwigger Agent | Last updated: Feb 09, 2022 04:32PM UTC

Thanks for the update. The issue with SAML Raider seems to be matching the one we have already reported to the developers. I have linked this thread so we can let you know when there is an update. For the issues with EsPReSSO, is this only affecting SAML transactions? Are the same SAML transactions affected in EsPReSSO as are affected in SAML Raider? If so, it's possible the cause may be the same. Can you email an example request/response that has displayed this issue to support@portswigger.net so we can confirm, please?

Justin | Last updated: Feb 09, 2022 04:51PM UTC

Thanks for tracking this, I appreciate it. To answer your questions: 1 - I don't know whether this is only affecting SAML or if it's affecting other transactions; I'm only working with SAML at the moment. 2 - The same SAML transactions are affected in EsPReSSO as in SAML Raider. 3 - Unfortunately I can't provide copies of the transactions I'm having problems with as this is a difficulty I'm encountering on a client test and I'm not able to share client data.

Michelle, PortSwigger Agent | Last updated: Feb 10, 2022 03:19PM UTC

Hi, thanks for the information. Based on this, we've been able to replicate the issue here using the same details as we used when replicating the issue with SAML Raider. I suspect that they both have the same underlying cause, so will be covered by the same bug we already have raised. If it does turn out to be a separate issue we'll let you know.

Troy | Last updated: Mar 08, 2022 05:19PM UTC

I am having these same issues with SAML Raider and EsPReSSO.

Michelle, PortSwigger Agent | Last updated: Mar 08, 2022 05:32PM UTC

Thanks for getting in touch. We have raised this as a bug with our developers. We'll add your details to the report and post back here once we have an update.
