
Problem with burp extension to automate security checks of single sign-on

Tom Jun 13, 2018 01:00PM UTC

Hello,

I'm currently trying to develop a (Jython) extension to automate some work with single sign-on protocols (like OAuth, SAML etc.). The main idea of how it would work is:
- Check whether a request is an SSO request
- Determine which one it is
- Perform some passive checks
- Perform active checks which would lead to starting a new chain of authorization with the protocol and performing some attacks (e.g. XSW for SAML).

As for passive checks, I do not have problems with them (using baseRequestResponse in the doPassiveScan function mostly), but I can't really think of the hooks (looking at the documentation) that I can use to perform the active checks that will work as in my idea.

I will be glad if you will show me the way a bit in that case.

Regards,
Tom


Paul Johnston Jun 14, 2018 09:50AM UTC Support Center agent

Hi Tom,

That sounds like an interesting extension. There are some SSO extensions in the BApp Store already; it would be interesting to consult them.

I expect you’ve already discovered the IScannerCheck interface and that you can override doActiveScan. You should perform your active checks within that method. You can use callbacks.makeHttpRequest to issue a request, which will go through Burp’s network stack, including session handling rules. Is there any specific issue you’re having doing that?
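
A minimal Jython skeleton for the approach described in the reply above, added here as an example; it is not code from either poster or from an existing BApp. The `classify_sso` helper and its parameter-name heuristics are assumptions made for illustration, and the extension name is a placeholder.

```python
try:
    from burp import IBurpExtender, IScannerCheck  # provided by Burp (Jython)
except ImportError:  # outside Burp: stand-ins so classify_sso can be exercised
    class IBurpExtender(object): pass
    class IScannerCheck(object): pass

def classify_sso(params):
    """Return 'saml', 'oidc', 'oauth' or None for a dict of request parameters."""
    names = set(params)
    if names & {"SAMLRequest", "SAMLResponse"}:       # SAML bindings
        return "saml"
    if {"response_type", "client_id"} <= names:       # OAuth 2.0 authorization request
        scopes = params.get("scope", "").replace("%20", " ").replace("+", " ").split()
        return "oidc" if "openid" in scopes else "oauth"
    if "grant_type" in names:                         # OAuth 2.0 token request
        return "oauth"
    return None

class BurpExtender(IBurpExtender, IScannerCheck):
    def registerExtenderCallbacks(self, callbacks):
        self._callbacks = callbacks
        self._helpers = callbacks.getHelpers()
        callbacks.setExtensionName("SSO checks (example)")
        callbacks.registerScannerCheck(self)

    def _protocol(self, baseRequestResponse):
        info = self._helpers.analyzeRequest(baseRequestResponse)
        return classify_sso(dict((p.getName(), p.getValue()) for p in info.getParameters()))

    def doPassiveScan(self, baseRequestResponse):
        return None  # passive checks on baseRequestResponse go here

    def doActiveScan(self, baseRequestResponse, insertionPoint):
        # Burp calls this once per insertion point of every actively scanned request.
        if self._protocol(baseRequestResponse) is None:
            return None  # not an SSO message: nothing to do
        # Re-issue the request through Burp's network stack (session handling rules apply).
        replay = self._callbacks.makeHttpRequest(
            baseRequestResponse.getHttpService(), baseRequestResponse.getRequest())
        # Protocol-specific checks on replay.getResponse() go here; return a list of IScanIssue.
        return None

    def consolidateDuplicateIssues(self, existingIssue, newIssue):
        return 0  # 0 = report both issues
```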

