The extension is based on the BurpSSO Extension, developed by the Chair of Network and Data Security, Ruhr University Bochum, and 3curity GmbH. The extension is part of a bachelor thesis by Tim Guenther at Ruhr University Bochum in cooperation with Context Information Security Ltd.
Supported Protocols:
- SAML
- OpenID
- OAuth
- BrowserId
- OpenID Connect
- Facebook Connect
- Microsoft Account
- WS-Attacker integration while intercepting SAML messages
- View and edit SAML messages.
- Show SAML in a history tab
- Syntax Highlight
- Context menu for 'Analyze SSO Protocol'
- SAML
- JSON
- JSON Web Token (JWT)
- Highlight SSO messages in proxy window, incl. the SSO type.
- Detect OpenID login possibilities on websites (other protocols will follow).
$ mvn clean package
(Please start Burp with Java 1.8)
- Build the JAR file as described above, or download it from releases.
- Load the JAR file from the target folder into Burp's Extender. (Start Burp with Java 1.8)
- SSO messages are highlighted automatically in Burp's HTTP history (Proxy tab).
- History, Options and Help can be found in a new tab called 'EsPReSSO'.
Dependency | Licence | Access Date | Link | Copyright (c) Date, Name |
---|---|---|---|---|
RSyntaxTextArea | modified BSD license | 20.09.2015 | https://github.com/bobbylight/RSyntaxTextArea | 2012, Robert Futrell |
json-simple | Apache License 2.0 | 20.09.2015 | https://code.google.com/p/json-simple/ | Unknown, Yidong Fang |
WSAttacker | GNU General Public License v2.0 | 20.09.2015 | https://github.com/RUB-NDS/WS-Attacker/ | 2012, Christian Mainka, Andreas Falkenberg, Juraj Somorovsky, et al. |
- Java 1.8.0_60
- Burp Suite 1.6.01
- Arch Linux 4.1.6-1-arch, amd64
- Netbeans 8.0.2
- Maven 3.3.3