Merge pull request #36 from PortSwigger/master

PortSwigger Changes
CompassSecurity · Apr 1, 2019 · f4ed4ab · f4ed4ab
2 parents 6681ce4 + 69844d1
commit f4ed4ab
Show file tree

Hide file tree

Showing 8 changed files with 74 additions and 25 deletions.
diff --git a/.gitignore b/.gitignore
@@ -5,3 +5,5 @@ bin/
 lib/burpsuite_*.jar
 target/
 SAMLRaiderDebug.log
+.idea/
+*.iml
diff --git a/BappDescription.html b/BappDescription.html
@@ -0,0 +1,29 @@
+<p>SAML Raider is a Burp Suite extension for testing SAML infrastructures. It contains two core features - a SAML message editor and an X.509 certificate manager.</p>
+<p>The message editor provides the following capabilities:</p>
+<ul>
+    <li>Sign SAML Messages</li>
+    <li>Sign SAML Assertions</li>
+    <li>Remove Signatures</li>
+    <li>Edit SAML Messages (Supported Messages: SAMLRequest and SAMLResponse)</li>
+    <li>Preview eight common XSW Attacks</li>
+    <li>Execute eight common XSW Attacks</li>
+    <li>Send certificate to SAML Raider Certificate Management</li>
+    <li>Undo all changes of a SAML Message</li>
+    <li>Supported Profiles: SAML Webbrowser Single Sign-on Profile, Web Services Security SAML Token Profile</li>
+    <li>Supported Bindings: POST Binding, Redirect Binding, SOAP Binding, URI Binding</li>
+</ul>
+
+<p>The certificate manager provides the following capabilities:</p>
+<ul>
+    <li>Import X.509 certificates (PEM and DER format)</li>
+    <li>Import X.509 certificate chains</li>
+    <li>Export X.509 certificates (PEM format)</li>
+    <li>Delete imported X.509 certificates</li>
+    <li>Display informations of X.509 certificates</li>
+    <li>Import private keys (PKCD#8 in DER format and traditional RSA in PEM Format)</li>
+    <li>Export private keys (traditional RSA Key PEM Format)</li>
+    <li>Cloning X.509 certificates</li>
+    <li>Cloning X.509 certificate chains</li>
+    <li>Create new X.509 certificates</li>
+    <li> Editing and self-sign existing X.509 certificates</li>
+</ul>
diff --git a/BappManifest.bmf b/BappManifest.bmf
@@ -0,0 +1,12 @@
+Uuid: c61cfa893bb14db4b01775554f7b802e
+ExtensionType: 1
+Name: SAML Raider
+RepoName: saml-raider
+ScreenVersion: 1.2.2
+SerialVersion: 6
+MinPlatformVersion: 0
+ProOnly: False
+Author: Roland Bischofberger / Emanuel Duss
+ShortDescription: Provides a SAML message editor and a certificate management tool to help with testing SAML infrastructures.
+EntryPoint: target/saml-raider-1.2.2-jar-with-dependencies.jar
+BuildCommand: mvn package -DskipTests=true -Dmaven.javadoc.skip=true -B
diff --git a/pom.xml b/pom.xml
@@ -5,7 +5,7 @@
 	<description>SAML2 Burp Suite Extension</description>
 	<groupId>ch.hsr</groupId>
 	<artifactId>saml-raider</artifactId>
-	<version>1.2.1-SNAPSHOT</version>
+	<version>1.2.2</version>
 	<modelVersion>4.0.0</modelVersion>
 	  <properties>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
@@ -43,15 +43,25 @@
 			<artifactId>xml-security-impl</artifactId>
 			<version>1.0</version>
 		</dependency>
+		<dependency>
+			<groupId>xerces</groupId>
+			<artifactId>xercesImpl</artifactId>
+			<version>2.12.0</version>
+		</dependency>
+		<dependency>
+			<groupId>org.apache.santuario</groupId>
+			<artifactId>xmlsec</artifactId>
+			<version>2.1.2</version>
+		</dependency>
 	</dependencies>
 	<build>
 		<plugins>
 			<plugin>
 				<artifactId>maven-compiler-plugin</artifactId>
 				<version>3.1</version>
 				<configuration>
-					<source>1.7</source>
-					<target>1.7</target>
+					<source>1.8</source>
+					<target>1.8</target>
 					<descriptorRefs>
 						<descriptorRef>jar-with-dependencies</descriptorRef>
 					</descriptorRefs>

diff --git a/src/main/java/application/BurpCertificateBuilder.java b/src/main/java/application/BurpCertificateBuilder.java
@@ -49,8 +49,6 @@
 import org.bouncycastle.x509.X509V3CertificateGenerator;
 import org.bouncycastle.x509.extension.X509ExtensionUtil;
 
-import sun.reflect.generics.reflectiveObjects.NotImplementedException;
-
 @SuppressWarnings("deprecation")
 public class BurpCertificateBuilder {
 	X509V3CertificateGenerator certificateGenerator;
@@ -183,7 +181,7 @@ private X509Certificate generateX509Certificate(PrivateKey privateKey) throws Ce
 		// X.509v3 General
 
 		if (version != 3) {
-			throw new NotImplementedException();
+			throw new UnsupportedOperationException("Not implemented yet.");
 		}
 		certificateGenerator = new X509V3CertificateGenerator();
 		certificateGenerator.setSerialNumber(serial);

diff --git a/src/main/java/helpers/XMLHelpers.java b/src/main/java/helpers/XMLHelpers.java
@@ -47,11 +47,11 @@
 import org.xml.sax.InputSource;
 import org.xml.sax.SAXException;
 
-import com.sun.org.apache.xml.internal.security.Init;
-import com.sun.org.apache.xml.internal.security.signature.XMLSignature;
-import com.sun.org.apache.xml.internal.security.transforms.Transforms;
-import com.sun.org.apache.xml.internal.serialize.OutputFormat;
-import com.sun.org.apache.xml.internal.serialize.XMLSerializer;
+import org.apache.xml.security.Init;
+import org.apache.xml.security.signature.XMLSignature;
+import org.apache.xml.security.transforms.Transforms;
+import org.apache.xml.serialize.OutputFormat;
+import org.apache.xml.serialize.XMLSerializer;
 
 public class XMLHelpers {
 

diff --git a/src/main/java/model/BurpCertificateStore.java b/src/main/java/model/BurpCertificateStore.java
@@ -6,6 +6,7 @@
 import java.util.List;
 
 import javax.swing.tree.DefaultMutableTreeNode;
+import javax.swing.tree.TreeNode;
 
 public class BurpCertificateStore {
 
@@ -57,9 +58,9 @@ public void addCertificateChain(List<BurpCertificate> burpCertificateChain) {
 	 */
 	public void removeCertificate(BurpCertificate burpCertificate) {
 		@SuppressWarnings("unchecked")
-		Enumeration<DefaultMutableTreeNode> en = rootNode.depthFirstEnumeration();
+		Enumeration<TreeNode> en = rootNode.depthFirstEnumeration();
 		while (en.hasMoreElements()) {
-			DefaultMutableTreeNode foundNode = en.nextElement();
+			DefaultMutableTreeNode foundNode = (DefaultMutableTreeNode) en.nextElement();
 			if (foundNode.getUserObject() instanceof BurpCertificate) {
 				if (foundNode.getUserObject() == burpCertificate) {
 					foundNode.removeFromParent();
@@ -95,9 +96,9 @@ public DefaultMutableTreeNode getRootNode() {
 	public List<BurpCertificate> getBurpCertificatesWithPrivateKey() {
 		List<BurpCertificate> certificatesWithPrivateKey = new LinkedList<>();
 		@SuppressWarnings("unchecked")
-		Enumeration<DefaultMutableTreeNode> en = rootNode.depthFirstEnumeration();
+		Enumeration<TreeNode> en = rootNode.depthFirstEnumeration();
 		while (en.hasMoreElements()) {
-			DefaultMutableTreeNode foundNode = en.nextElement();
+			DefaultMutableTreeNode foundNode = (DefaultMutableTreeNode) en.nextElement();
 			if (foundNode.getUserObject() instanceof BurpCertificate) {
 				BurpCertificate b = (BurpCertificate) foundNode.getUserObject();
 				if (b.hasPrivateKey()) {

diff --git a/src/test/java/application/HTTPHelpersTest.java b/src/test/java/application/HTTPHelpersTest.java
@@ -1,16 +1,13 @@
 package application;
 
-import static org.junit.Assert.assertEquals;
 import helpers.HTTPHelpers;
+import org.junit.Test;
 
 import java.io.IOException;
-import java.io.UnsupportedEncodingException;
+import java.util.Base64;
 import java.util.zip.DataFormatException;
 
-import org.junit.Test;
-
-import sun.misc.BASE64Decoder;
-import sun.misc.BASE64Encoder;
+import static org.junit.Assert.assertEquals;
 
 public class HTTPHelpersTest {
 	HTTPHelpers helpers = new HTTPHelpers();
@@ -19,15 +16,15 @@ public class HTTPHelpersTest {
 	String decompressed = "<samlp:LogoutResponse xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\" xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\" ID=\"_6acb7c41720ef5f00c4c32f6016cb39d7f1c09a888\" Version=\"2.0\" IssueInstant=\"2015-07-19T13:34:02Z\" Destination=\"http://samluelsp/simplesaml/module.php/saml/sp/saml2-logout.php/default-sp\" InResponseTo=\"_9268bb72d0db244ef79cd309265edebbdee77d9b98\"><saml:Issuer>http://samluelidp</saml:Issuer><samlp:Status><samlp:StatusCode Value=\"urn:oasis:names:tc:SAML:2.0:status:Success\"/></samlp:Status></samlp:LogoutResponse>";
 
 	@Test
-	public void testInflate() throws UnsupportedEncodingException, IOException, DataFormatException {
-		byte[] valueDecoded = (new BASE64Decoder()).decodeBuffer(compressed);
+	public void testInflate() throws IOException, DataFormatException {
+		byte[] valueDecoded = Base64.getDecoder().decode(compressed);
 		assertEquals(decompressed, new String(helpers.decompress(valueDecoded, true), "UTF-8"));
 	}
 
 	@Test
-	public void testDeflate() throws UnsupportedEncodingException, IOException, DataFormatException {
+	public void testDeflate() throws IOException {
 		byte [] valueCompressed = helpers.compress(decompressed.getBytes("UTF-8"), true);
-		String result = (new BASE64Encoder()).encode(valueCompressed);
+		String result = Base64.getEncoder().encodeToString(valueCompressed);
 		result = result.replaceAll("\\r?\\n", "");
 		assertEquals(compressed, result);
 	}
-Original file line number
+Diff line change
@@ Expand Up / @@ -5,3 +5,5 @@ bin/ @@
     lib/burpsuite_*.jar
     target/
     SAMLRaiderDebug.log
+    .idea/
+    *.iml