Required Tools:
SAML Raider - burp extension (Includes “SAML Raider certificates” tab)
SAML Editor - burp extension
SAML tracer - browser plugin
Common Findings:
SAML Certificate Validity
SAML Signature Validation
XML Signature Wrapping
Message Replay
SAML RelayState URI Not Validated
SAML External Entity Injection
Access Control Checks
Reauthentication and Session Validation
Unsigned Logout Request
XSS in SAML Implementation
Now let's dive into how to perform the above test cases with the help of the Burp Suite extensions mentioned above:
SAML Certificate Validity:
Description: SAML messages should carry a timestamp of when the message was issued, when it expires, or both. If a SAML message never expires, or if the expiration is not enforced by the receiving service provider, a message that falls into an attacker's hands stays usable far longer than intended. Inspect the message for timestamps such as the IssueInstant and NotOnOrAfter attributes (on the Response, Assertion, Conditions and SubjectConfirmationData elements).
Remediation: It is recommended to keep the expiration window within 1-5 minutes, and the service provider must reject a message that is presented again after it has expired or already been consumed (replay).
Steps to check this bug:
In Burp (with the SAML Raider extension installed), send the SAML request to Repeater.
Observe whether the expiration window is reasonable, for example 1-5 minutes.
Then resend the same request after the expiration window has passed and verify whether the response is still accepted as valid.
If the response is still valid, report the issue to the developers so it can be fixed.
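As an added example (not code from the original post), here is a small Python check of the kind a service provider should run on every received assertion; pointed at a captured response, it shows exactly which timestamp should have failed once the window has passed. The sample response, entity URLs, IDs and the 60-second clock-skew allowance are constructed assumptions; the 5-minute maximum window follows the remediation above.

```python
# Added example (not code from the original post): evaluate the timestamp
# conditions of a SAML Response the way a relying party (SP) should, so the
# "does the assertion expire, and is expiry enforced?" check has a concrete
# reference. The sample response, URLs and IDs below are constructed.
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# Constructed, unsigned sample response (signature checks are a separate topic;
# only the timing attributes matter here). Validity window: 12:00 -> 12:05.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_resp1" Version="2.0" IssueInstant="2024-01-01T12:00:00Z"
    Destination="https://sp.example.test/acs">
  <saml:Issuer>https://idp.example.test</saml:Issuer>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-01-01T12:00:00Z">
    <saml:Issuer>https://idp.example.test</saml:Issuer>
    <saml:Subject>
      <saml:NameID>alice@example.test</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData NotOnOrAfter="2024-01-01T12:05:00Z"
            Recipient="https://sp.example.test/acs" InResponseTo="_req1"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions NotBefore="2024-01-01T11:59:00Z" NotOnOrAfter="2024-01-01T12:05:00Z">
      <saml:AudienceRestriction>
        <saml:Audience>https://sp.example.test</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""


def parse_ts(value):
    """Parse a SAML UTC timestamp such as '2024-01-01T12:00:00Z'."""
    if value.endswith("Z"):
        value = value[:-1] + "+00:00"
    return datetime.fromisoformat(value).astimezone(timezone.utc)


def _attr_ts(element, name):
    """Return the named timestamp attribute of an element, or None if absent."""
    if element is None or element.get(name) is None:
        return None
    return parse_ts(element.get(name))


def check_assertion_timing(xml_text, now, max_window=timedelta(minutes=5),
                           skew=timedelta(seconds=60)):
    """Evaluate the first Assertion's timestamps against `now` (datetime or ISO string).

    Returns a dict with has_expiry, window_seconds, window_reasonable, expired,
    not_yet_valid and the overall accept decision. NotOnOrAfter is exclusive and
    NotBefore inclusive, as in the SAML spec; `skew` (assumed 60 s) tolerates
    clock drift between IdP and SP.
    """
    if isinstance(now, str):
        now = parse_ts(now)
    root = ET.fromstring(xml_text)
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        raise ValueError("no saml:Assertion element found")

    issue_instant = parse_ts(assertion.get("IssueInstant"))
    conditions = assertion.find("saml:Conditions", NS)
    not_before = _attr_ts(conditions, "NotBefore")
    not_on_or_after = _attr_ts(conditions, "NotOnOrAfter")
    scd = assertion.find(
        "saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    bearer_expiry = _attr_ts(scd, "NotOnOrAfter")

    # An assertion with neither expiry attribute never expires: reject it outright.
    has_expiry = not_on_or_after is not None or bearer_expiry is not None
    window = (not_on_or_after - issue_instant) if not_on_or_after is not None else None
    # Earliest expiry wins: both Conditions and the bearer confirmation must hold.
    expiries = [t for t in (not_on_or_after, bearer_expiry) if t is not None]
    expired = any(now >= t + skew for t in expiries)
    not_yet_valid = not_before is not None and now < not_before - skew

    return {
        "has_expiry": has_expiry,
        "window_seconds": window.total_seconds() if window is not None else None,
        "window_reasonable": window is not None and window <= max_window,
        "expired": expired,
        "not_yet_valid": not_yet_valid,
        "accept": has_expiry and not expired and not not_yet_valid,
    }


if __name__ == "__main__":
    # Present the same constructed message inside and well after its window.
    for when in ("2024-01-01T12:02:00Z", "2024-01-01T12:30:00Z"):
        print(when, check_assertion_timing(SAMPLE_RESPONSE, when))
```

Running the block prints an accepted result at 12:02 and an `expired` result at 12:30; a service provider that still says "valid" for the second case is the finding described in the steps above. Note that the check rejects an assertion that carries no NotOnOrAfter at all, which is the "never expires" case from the description.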
Now let's dive into more vulnerabilities of SAML... Part 3 coming soon 🚀