SAML Raider currently can only detect SAML Messages if they are inside a GET parameter called SAMLRequest or SAMLResponse or in the POST body.
There is already another issue (#30) that addresses that SAML Messages are not detected within non-default parameter names (like the two mentioned above).
There is another related issue: #8. So it seems that there is sometimes a SAML message just somewhere around.
If you want to look into it, you should have a look at the class that detects the SAML Message, and rebuilds it after a modification. This is the class SamlTabController (src/main/java/application/SamlTabController.java). If you ask me now, the class looks a bit messy and it's probably not so easy to add JSON support. But generally speaking, it should be possible.
At the moment, the code looks a bit messy and very static and a complete rewrite of the SAML Message detection should be done.
Question to you: Have you encountered a SAML message like this before? How would you detect it inside the JSON payload? Does it have a key name or is it just some URL/base64 encoded string somewhere inside the JSON?
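A key-name-independent way to approach the detection question in the comment above, as an added example that is not part of the original thread or of SAML Raider's code: walk every string value in the JSON body, undo URL and base64 encoding (plus raw DEFLATE, as used by the HTTP-Redirect binding), and accept the value only if the result looks like a SAML 2.0 protocol message. The function names, the length threshold and the sample JSON are assumptions constructed for illustration, and Python is used instead of the plugin's Java so the sketch runs with the standard library alone.

```python
import base64, binascii, json, re, zlib
from urllib.parse import quote, unquote

# Root elements and namespace of SAML 2.0 protocol messages (heuristic, not exhaustive).
SAML_ROOT = re.compile(rb"<(?:[\w.-]+:)?(?:Response|AuthnRequest|LogoutRequest|LogoutResponse)\b")
SAML_NS = b"urn:oasis:names:tc:SAML:2.0:protocol"

def decode_saml(value):
    """Return decoded XML if the string carries a SAML message, else None."""
    candidate = unquote(value).strip()
    if len(candidate) < 40:  # too short to hold a namespaced SAML element
        return None
    try:
        raw = base64.b64decode(candidate, validate=True)
    except (binascii.Error, ValueError):
        return None
    # POST binding: plain base64. Redirect binding: raw DEFLATE, then base64.
    for attempt in (lambda b: b, lambda b: zlib.decompress(b, -15)):
        try:
            xml = attempt(raw)
        except zlib.error:
            continue
        if SAML_NS in xml and SAML_ROOT.search(xml):
            return xml.decode("utf-8", errors="replace")
    return None

def find_saml_in_json(body):
    """Walk a JSON document; return [(path, xml)] for each SAML-bearing string."""
    hits = []
    def walk(node, path):
        if isinstance(node, dict):
            for key, child in node.items():
                walk(child, f"{path}.{key}")
        elif isinstance(node, list):
            for i, child in enumerate(node):
                walk(child, f"{path}[{i}]")
        elif isinstance(node, str) and (xml := decode_saml(node)) is not None:
            hits.append((path, xml))
    walk(json.loads(body), "$")
    return hits

# Constructed sample: one AuthnRequest embedded twice under arbitrary key names.
SAMPLE_XML = b'<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_constructed1" Version="2.0"/>'
def sample_body():
    deflater = zlib.compressobj(wbits=-15)
    deflated = deflater.compress(SAMPLE_XML) + deflater.flush()
    return json.dumps({"user": "alice", "auth": {
        "token": base64.b64encode(SAMPLE_XML).decode(),
        "relay": [quote(base64.b64encode(deflated).decode(), safe="")]}})
```

The returned path identifies which JSON value would have to be re-encoded and written back after the message is edited.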
Hi,
Can SAML requests embedded within JSON be detected?
I could also take a stab at it but where should I begin?
Excellent tool BTW.
Thank you