• Stars
    star
    131
  • Rank 275,867 (Top 6 %)
  • Language
    Java
  • License
    MIT License
  • Created over 5 years ago
  • Updated over 2 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

DupeKeyInjector

Dupe Key Injector

Dupe Key Injetctor is a Burp Suite extension implementing Dupe Key Confusion, a new XML signature bypass technique presented at BSides/BlackHat/DEFCON 2019 "SSO Wars: The Token Menace" presentation.

Description

Dupe Key Confusion is a new attack to bypass XML signature verification by sending multiple key identifiers in the KeyInfo section. Vulnerable systems will use the first one to verify the XML signature and the second one to verify the trust on the signing party. This plugin applies this technique to SAML tokens by allowing to modify and then resign the SAML assertion with an arbitrary attacker-controlled key which is then send as the first element of the KeyInfo section, while the original key identifier is sent as the second key identifier.

For more details about this technique, please refer to the following materials:

Screenshot

Usage

Intercept a SAML request and use the Dupe Key Injector tab to modify the assertion and then re-sign it using one of the following techniques:

  • Re-sign with RSA key.
  • Re-sign with public certificate (only enabled when a public base64 certificate has been imported).

Build

mvn package

Authors

This plugin was developed as part of a Micro Focus Fortify research by:

Thanks

This plugin is strongly based on SAML Raider. It actually uses many of the helper methods to process SAML tokens and XML documents from this project.

License

MIT License

More Repositories

1

ysoserial.net

Deserialization payload generator for a variety of .NET formatters
C#
3,162
star
2

octo.nvim

Edit and review GitHub issues and pull requests from the comfort of your favorite editor
Lua
1,946
star
3

cheatsheets

random brain dumps
345
star
4

SerialKillerBypassGadgetCollection

Collection of bypass gadgets to extend and wrap ysoserial payloads
Java
339
star
5

JRE8u20_RCE_Gadget

JRE8u20_RCE_Gadget
Java
250
star
6

S2-046-PoC

S2-046-PoC
Java
114
star
7

codeql.nvim

CodeQL plugin for Neovim
Lua
84
star
8

codeql_grehack_workshop

GreHack 2021 CodeQL for Java workshop
CodeQL
75
star
9

BlockingServer

Web Server that serves a single file and keeps the connection open until user releases it.
Java
69
star
10

XMLDecoder

RCE Exploit PoC for XMLDecoder
Java
62
star
11

dotnet-deserialization-scanner

.NET Deserialization Passive Scanner
Java
43
star
12

SpringBreaker

Exploit PoC for Spring RCE issue (CVE-2011-2894)
Java
42
star
13

dotfiles

Shell
34
star
14

ViewStatePayloadGenerator

ViewState Payload Generator
C#
24
star
15

XStreamServer

RCE Exploit PoC for Spring based RESTFul APIs using XStream as Unmarshaler
Java
20
star
16

nautilus.nvim

A nice and cobaltish neovim theme
Lua
18
star
17

JVMDeserialization

PoC for Scala and Groovy
XSLT
14
star
18

RSA_RESTing

Demos for RSA talk: RESTing on your laurels will get you owned
Java
12
star
19

XStreamPOC

POC for XStream RCE
Java
12
star
20

logging-log4j2

Java
7
star
21

pwntester-blog

Pwntester Blog
HTML
7
star
22

OWASP-GoatDroid-Dolphis

OWASP GoatDroid Exploit Apps
Java
5
star
23

cobalt2.vim

Color scheme for vim
Vim Script
5
star
24

OGNLInjection

OGNL Expression Injection Tescase
Java
5
star
25

hc0n_log4j

Java
5
star
26

jdeserialize

Automatically exported from code.google.com/p/jdeserialize
Java
3
star
27

StaticInitializerPayload

Java
3
star
28

RestletXMLDecoder

Restlet API consuming XML serialized Java Objects. Vulnerable to XXE and RCE (if third party libraries like GroovyShell are found in the classpath)
Java
3
star
29

cobange

Neovim color scheme
Vim Script
2
star
30

XQueryInjection

XQuery Injection Testcases
JavaScript
2
star
31

csaw2016_rock

Python
2
star
32

pwntester.github.io

pwntester Blog
HTML
2
star
33

test-project

Dockerfile
2
star
34

gh-cdr

gh-cdr
Go
2
star
35

crane.nvim

Lua
2
star
36

docs

1
star
37

gh-mrva

1
star
38

codeql-cs-template

Dockerfile
1
star
39

FortifyHighlighter

Sublime Text Editor Themes for Fortify rulepacks and NSTs
1
star