SAML tokens sent within JSON are not detected
Hi,
Can SAML requests embedded within JSON be detected?
I could also take a stab at it but where should I begin?
Excellent tool BTW.
Thank you
Hi jcmoreno
Thanks for the positive feedback!
Sadly, no.
SAML Raider currently can only detect SAML Messages if they are inside a GET parameter called SAMLRequest or SAMLResponse or in the POST body.
There is already another issue (https://github.com/SAMLRaider/SAMLRaider/issues/30) that addresses that SAML Messages are not detected within non-default parameter names (like the two mentioned above).
There is another related issue: https://github.com/SAMLRaider/SAMLRaider/issues/8. So it seems that there is sometimes a SAML message just somewhere around.
If you want to look into it, you should have a look at the class that detects the SAML Message, and rebuilds it after a modification. This is the class SamlTabController (src/main/java/application/SamlTabController.java). If you ask me now, the class looks a bit messy and it's probably not so easy to add JSON support. But generally speaking, it should be possible.
At the moment, the code looks a bit messy and very static and a complete rewrite of the SAML Message detection should be done.
Question to you: Have you encountered a SAML message like this before? How would you detect it inside the JSON payload? Does it have a key name or is it just some url/base64 encoded string somewhere inside the JSON?
Thanks and best regards, Emanuel
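Added example, not part of the thread and not SAML Raider code (written in Python rather than the project's Java so it is self-contained): one way to approach the detection question above without depending on a key name is to walk every JSON string value and check whether it URL/base64-decodes, optionally after raw DEFLATE as used by the Redirect binding, to SAML 2.0 XML. The function names, the sample body, its key names and the XML are all constructed for illustration.

```python
import base64, binascii, json, re, zlib
from urllib.parse import quote, unquote

# Root elements of SAML 2.0 messages; the namespace prefix varies between products.
SAML_ROOT = re.compile(rb"<(?:[\w.-]+:)?(?:AuthnRequest|Response|LogoutRequest|LogoutResponse|Assertion)\b")
SAML_NS = b"urn:oasis:names:tc:SAML:2.0:"

def decode_candidate(value):
    """Return SAML XML bytes if the string decodes to a SAML message, else None."""
    text = "".join(unquote(value).split())  # undo URL-encoding, drop line wraps
    try:
        raw = base64.b64decode(text, validate=True)
    except (binascii.Error, ValueError):
        return None
    for inflate in (False, True):  # POST binding: base64 only; Redirect: raw DEFLATE + base64
        try:
            xml = zlib.decompress(raw, -15) if inflate else raw
        except zlib.error:
            continue
        if SAML_ROOT.search(xml) and SAML_NS in xml:
            return xml
    return None

def find_saml(node, path="$"):
    """Walk parsed JSON; yield (path, xml) for each string value holding a SAML message."""
    if isinstance(node, dict):
        for key, child in node.items():
            yield from find_saml(child, f"{path}.{key}")
    elif isinstance(node, list):
        for i, child in enumerate(node):
            yield from find_saml(child, f"{path}[{i}]")
    elif isinstance(node, str):
        xml = decode_candidate(node)
        if xml is not None:
            yield path, xml

def scan_body(body):
    """Parse a JSON request body and list every (path, xml) hit."""
    return list(find_saml(json.loads(body)))

# Constructed sample body: key names and XML are made up for this example.
RESP_XML = b'<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_r1"/>'
REQ_XML = b'<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_a1"/>'
RAW_DEFLATE = zlib.compress(REQ_XML)[2:-4]  # strip zlib header/trailer -> raw DEFLATE
SAMPLE_BODY = json.dumps({
    "user": "alice", "avatar": base64.b64encode(b"\x89PNG not saml").decode(),
    "auth": {"token": base64.b64encode(RESP_XML).decode()},
    "steps": [{"data": quote(base64.b64encode(RAW_DEFLATE).decode(), safe="")}],
})
```

Returning the JSON path alongside the decoded XML is what a message editor would need to write a modified message back into the same position with the same encoding.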