From daf62cd014a11c6c0e37d4b4a51461a4c5f2da9c Mon Sep 17 00:00:00 2001 From: sdcampbell Date: Wed, 18 Dec 2024 09:04:01 -0500 Subject: [PATCH] Added convert workflow to strip SAML signature --- .DS_Store | Bin 0 -> 6148 bytes convert/.DS_Store | Bin 0 -> 8196 bytes convert/Strip SAML Signature/README.md | 7 ++ .../Strip SAML Signature.json | 92 ++++++++++++++++++ 4 files changed, 99 insertions(+) create mode 100644 .DS_Store create mode 100644 convert/.DS_Store create mode 100644 convert/Strip SAML Signature/README.md create mode 100644 convert/Strip SAML Signature/Strip SAML Signature.json diff --git a/.DS_Store b/.DS_Store new file mode 100644 index 0000000000000000000000000000000000000000..b87c6ec4a3ca1d02f856ac2718a29d031c44529f GIT binary patch literal 6148 zcmeHKPiqrF6n~S(W@8beDD)yMcnvisK`36fX;LWo2fEcBRN`(E+oju`u)ApvA&_(Z z4t@o%eiFZnC;h#d2_)O-MG%pBVdgjU=Djz}@6FC+h)8tCgC|5aB63g|%ePUj5gzAq zLrO-o1r!|PFqWrbEJO4;pcTu2W#HdtfWO@`?a&!Tlo!6=J&f)AP@)!5S=iAzjVUZx ze<@gRQb4DaBkmOqS8c_^g6%!pr&rXa9`%6-sJZ_Vn%8I@W8O;|6k>cT#He64NeRzJ zX>l#$`|qv8Nj5Sk*Vk|qM_Jxzd=sUO@~zE^Q*pMO_x`z@_<4|zvrdq{<=(NBakyv) z;hShU>DTV>%Onq?WSA<4XfTAyyOSsx$Vo?zlR>6@eLdh*ooc_fJ)O2%?Yi4+wr6#B zy4!5j-FEBgY*uw1JbL`>sDBY(Ch{69fC!wlO70k30P|7c;L1;vSSDu}VXq23r$g}B z1G7H$R{1Qk)oQj!$Y6%wnhX-}jn7Maqe@4JyN8Uu0Itaw@%~u$xJxI;w`}n4TlB4yl2^_HHYxjm@?lmI2FvWxz6E8L$le4GiGT=HyIx_w}ePEd!Q;|B?az ze2~a2ONkt6sXjVTs1N{h2Hh&5jyOPJWFkw69BQec(5a&bkw8TfVh9b#xa8@Or9=+3 z)Nm3SP9m`^k_bg8>%d7hokU4XTUrJz1LF*E?C#JSH7TIjjNkoMM#B}l3yTlvKIR*HMr((TmEO0| zdjKXwYNmBfHGiVZVBsvfls`Tg{#c@2Sd6i+2wrJpB{j4Hv_j~6LOs2<^oodmV`|Bb zcvNfXLWjq?(kSH@6SZidv^U25l+nO`F*TTWW982m%y9ruZP z^}>2rVO>4o%sF%W`IW(7W23k#*Vl_Dt8#F2y|5~a8=EI5bI#>!*Kbw#4_ilJ^bYJI z385u!csjAq&b;4aw-dIakWW18TOjsNFuLd9+_*bwFY}p9aXgMS?n)ZVCo_e;1iRJj zUCm&yuL+pRc5o6?m^4$iWf?dx3{2~VuH+zhCjb6_UbbV`X&JB#{00MJX4~B^12}sA zvpP7|mdJ0AIq|%qmI{JGh2xMa9Ebe=4@1-?rZT3K$f1_#LHgrA1Q_uN#|Wvn{Kt0& N`~EBM*y3Mh;2ZfZZD9Za literal 0 HcmV?d00001 
diff --git a/convert/Strip SAML Signature/README.md b/convert/Strip SAML Signature/README.md
new file mode 100644
index 0000000..5663d47
--- /dev/null
+++ b/convert/Strip SAML Signature/README.md
@@ -0,0 +1,7 @@
+# Strip SAML Signature
+
+Author: @lpha3ch0
+
+## Usage
+
+Highlight all of the POST data in a SAML request and use the URL Decode workflow to decode it. Then, select only the SAML data and use the Base64 decode workflow. Next, select the SAML data and use this workflow to strip the signature. Finally, Base64 encode the SAML data, URL encode the POST data, and send the request.
diff --git a/convert/Strip SAML Signature/Strip SAML Signature.json b/convert/Strip SAML Signature/Strip SAML Signature.json
new file mode 100644
index 0000000..4086d18
--- /dev/null
+++ b/convert/Strip SAML Signature/Strip SAML Signature.json
@@ -0,0 +1,92 @@
+{
+ "description": "",
+ "edition": 2,
+ "graph": {
+ "edges": [
+ {
+ "source": {
+ "exec_alias": "exec",
+ "node_id": 0
+ },
+ "target": {
+ "exec_alias": "exec",
+ "node_id": 2
+ }
+ },
+ {
+ "source": {
+ "exec_alias": "exec",
+ "node_id": 2
+ },
+ "target": {
+ "exec_alias": "exec",
+ "node_id": 1
+ }
+ }
+ ],
+ "nodes": [
+ {
+ "alias": "convert_start",
+ "definition_id": "caido/convert-start",
+ "display": {
+ "x": -10,
+ "y": -120
+ },
+ "id": 0,
+ "inputs": [],
+ "name": "Convert Start",
+ "version": "0.1.0"
+ },
+ {
+ "alias": "convert_end",
+ "definition_id": "caido/convert-end",
+ "display": {
+ "x": -10,
+ "y": 140
+ },
+ "id": 1,
+ "inputs": [
+ {
+ "alias": "data",
+ "value": {
+ "data": "$javascript.data",
+ "kind": "ref"
+ }
+ }
+ ],
+ "name": "Convert End",
+ "version": "0.1.0"
+ },
+ {
+ "alias": "javascript",
+ "definition_id": "caido/code-js",
+ "display": {
+ "x": 50,
+ "y": 20
+ },
+ "id": 2,
+ "inputs": [
+ {
+ "alias": "data",
+ "value": {
+ "data": "$convert_start.data",
+ "kind": "ref"
+ }
+ },
+ {
+ "alias": "code",
+ "value": {
+ "data": "export function run(input, sdk) {\n let xml = sdk.asString(input);\n \n // Remove ds:Signature from Response\n xml = xml.replace(/[\\s\\S]*?<\\/ds:Signature>/, '');\n \n // Remove ds:Signature from Assertion\n xml = xml.replace(/[\\s\\S]*?<\\/ds:Signature>/, '');\n\n return xml;\n}",
+ "kind": "string"
+ }
+ }
+ ],
+ "name": "Javascript",
+ "version": "0.1.0"
+ }
+ ]
+ },
+ "id": "4162dba2-a8c4-4074-bde3-9958d4eeec35",
+ "kind": "convert",
+ "name": "Strip SAML Signatures"
+}
\ No newline at end of file
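Review bot: As the `code` string reads on this page, both `xml.replace(...)` calls use `/[\\s\\S]*?<\\/ds:Signature>/`, which has no opening-tag anchor, so the lazy match starts at offset 0 and each call removes everything from the top of the document through the first `</ds:Signature>` rather than only the signature element. If the committed file really reads this way (the opening tag may have been lost when the page was rendered), anchor the pattern on the opening tag, `/<ds:Signature[\\s\\S]*?<\\/ds:Signature>/g` in the JSON-escaped form, and drop the duplicated second call. The `ds:` prefix is hard-coded, so input that binds the XML-DSig namespace to another prefix, or carries no signature at all, is returned unchanged with nothing to show the conversion was a no-op. A one-line comment in the script stating that limitation, such as `// Only matches the literal ds: prefix; input without it is returned unchanged`, would keep a test result from being misread.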