Support Center
Problem with burp extension to automate security checks of single sign-on

Tom Jun 13, 2018 01:00PM UTC

Hello,

I'm currently trying to develop a (Jython) extension to automate some work with single sign-on protocols (like OAuth, SAML, etc.). The main idea of how it would work is:
- Check whether a request is an SSO request
- Determine which one it is
- Perform some passive checks
- Perform active checks which would start a new authorization chain with the protocol and perform some attacks (e.g. XSW for SAML).

As for passive checks, I do not have any problems with them (using baseRequestResponse in the doPassiveScan function mostly), but I can't really think of the hooks (looking at the documentation) that I can use to perform the active checks that would work as in my idea.

I would be glad if you could show me the way a bit in that case.

Regards,
Tom


Paul Johnston Jun 14, 2018 09:50AM UTC Support Center agent

Hi Tom,

That sounds like an interesting extension. There are some SSO extensions in the BApp Store already; it would be interesting to consult them.

I expect you’ve already discovered the IScannerCheck interface and that you can override doActiveScan. You should perform your active checks within that method. You can use callbacks.makeHttpRequest to issue a request, which will go through Burp’s network stack, including session handling rules. Is there any specific issue you’re having doing that?
