The extension is based on the BurpSSO Extension, developed by the Chair of Network and Data Security, Ruhr University Bochum and the Hackmanit GmbH. The extension is part of a bachelor thesis by Tim Guenther at the Ruhr-University Bochum in cooperation with Context Information Security Ltd..
Supported Protocols:
- SAML
- OpenID
- OAuth
- BrowserId
- OpenID Connect
- Facebook Connect
- Microsoft Account
- WS-Attacker integration while intercepting SAML messages
- DTD-Attacker integration while intercepting SAML messages
- XML-Encryption-Attacker integration while intercepting SAML messages
- Syntax Highlight
- Highlight SSO messages in proxy window and display the protocol type
- Show all recognized SSO messages in a history tab
- Context menu for 'Analyze SSO Protocol'
- View and edit SAML
- View JSON and JSON Web Token (JWT)
$ mvn clean package
(Please start Burp with Java 1.8)
- Build the JAR file as described above, or download it from releases.
- Load the JAR file from the target folder into Burp's Extender. (Start Burp with Java 1.8)
- SSO messages are highlighted automatically in Burp's HTTP history (Proxy tab).
- SAML, JSON and JWT editors and viewers attached automatically.
- A SSO History, Options and Help can be found in a new tab called 'EsPReSSO'.
Dependency | Licence | Access Date | Link | Copyright (c) Date, Name |
---|---|---|---|---|
RSyntaxTextArea | modified BSD license | 20.09.2015 | https://github.com/bobbylight/RSyntaxTextArea | 2012, Robert Futrell |
json-simple | Apache License 2.0 | 20.09.2015 | https://code.google.com/p/json-simple/ | Unkown, Yidong Fang |
WSAttacker | GNU General Public License v2.0 | 20.09.2015 | https://github.com/RUB-NDS/WS-Attacker/ | 2012, Christain Mainka, Andreas Falkenberg, Jurai Somorovski, et al. |
junit | Eclipse Public License 1.0 | 12.03.2018 | https://github.com/junit-team/junit4 | Unkown, Erich Gamma and Kent Beck. |
jutf7 | MIT license | 12.03.2018 | https://sourceforge.net/projects/jutf7/ | 2011, Jaap Beetstra |
commons-io | Apache License 2.0 | 12.03.2018 | https://github.com/apache/commons-io | 2012, Scott Sanders, et al. |
- Java 1.8.0._151
- Burp Suite 1.7.36
- Ubuntu 16.04.3 LTS, amd64
- Netbeans 8.2
- Maven 3.3.9