Automatic recognition, processing and attacking of single sign-on protocols with burp suite
dc.contributor.author | Mainka, Christian | |
dc.contributor.author | Mladenov, Vladislav | |
dc.contributor.author | Guenther, Tim | |
dc.contributor.author | Schwenk, Jörg | |
dc.contributor.editor | Hühnlein, Detlef | |
dc.contributor.editor | Roßnagel, Heiko | |
dc.contributor.editor | Kuhlisch, Raik | |
dc.contributor.editor | Ziesing, Jan | |
dc.date.accessioned | 2017-06-30T02:54:29Z | |
dc.date.available | 2017-06-30T02:54:29Z | |
dc.date.issued | 2015 | |
dc.description.abstract | SAML, Mozilla BrowserID, OpenID, OpenID Connect, Facebook Connect, Microsoft Account, OAuth - today's web applications are supporting a large set of Single Sign-On (SSO) solutions. Some of them have common properties and behavior, others are completely different. This paper will give an overview of modern SSO protocols. We classify them into two groups and show how to distinguish them from each other. We provide EsPReSSO, an open source Burpsuite plugin that identifies SSO protocols automatically in a browser's HTTP traffic and helps penetration testers and security auditors to manipulate SSO flows easily. | en |
dc.identifier.isbn | 978-3-88579-645-9 | |
dc.identifier.pissn | 1617-5468 | |
dc.language.iso | en | |
dc.publisher | Gesellschaft für Informatik e.V. | |
dc.relation.ispartof | Open Identity Summit 2015 | |
dc.relation.ispartofseries | Lecture Notes in Informatics (LNI) - Proceedings, Volume P-251 | |
dc.title | Automatic recognition, processing and attacking of single sign-on protocols with burp suite | en |
dc.type | Text/Conference Paper | |
gi.citation.endPage | 131 | |
gi.citation.publisherPlace | Bonn | |
gi.citation.startPage | 117 | |
gi.conference.date | 10.-11. November 2015 | |
gi.conference.location | Berlin |