Problem with burp extension to automate security checks of single sign-on
I'm currently trying to develop (jython) extension to automate some work with single sign-on protocols (like oauth, saml etc.). The main idea how it would work is:
- Check requests if it's an sso request
- Determine which one it is
- Perform some passive checks
- Perform active checks which would lead to start a new chain of authorization with protocol and perform some attacks (f.e. XSW for SAML).
As for passive checks I do not have a problems with them (using baseRequestResponse at the doPassiveScan function mostly), I can't really think of the hooks (looking at documentation) that I can use to perform the active checks that will work as in my idea.
I will be glad if you will show me the way a bit in that case
That sounds like an interesting extension. There are some SSO extensions in the BApp Store already; it would be interesting to consult them.
I expect you’ve already discovered the IScannerCheck interface and that you can override doActiveScan. You should perform your active checks within that method. You can use callbacks.makeHttpRequest to issue a request, which will go through Burp’s network stack, including session handling rules. If there any specific issue you’re having doing that?