Channel: support.portswigger.net :: Burp Extensions

Problem with burp extension to automate security checks of single sign-on

Hello, I'm currently trying to develop a (Jython) extension to automate some work with single sign-on protocols (like OAuth, SAML etc.). The main idea of how it would work is:

- Check whether a request is an SSO request
- Determine which one it is
- Perform some passive checks
- Perform active checks which would lead to starting a new chain of authorization with the protocol and performing some attacks (e.g. XSW for SAML).

As for passive checks, I do not have any problems with them (mostly using baseRequestResponse in the doPassiveScan function), but I can't really think of the hooks (looking at the documentation) that I can use to perform the active checks that will work as in my idea. I would be glad if you could show me the way a bit in that case.

Regards, Tom
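The first two steps listed in the post (spotting an SSO request and deciding which protocol it belongs to) can be done from the request parameters alone. The sketch below is an added example, not part of the original post or of any existing Burp extension; the function names are hypothetical, and the caller is assumed to pass a dict of URL-decoded parameters built from the request.

```python
import base64
import re
import zlib

# Hypothetical helper names; the parameter names are the standard ones from
# the SAML bindings and the OAuth 2.0 / OpenID Connect specifications.

def decode_saml(value, redirect_binding):
    """Base64-decode a SAML message; HTTP-Redirect also applies raw DEFLATE."""
    raw = base64.b64decode(value)
    if redirect_binding:
        raw = zlib.decompress(raw, -15)  # -15: raw deflate, no zlib header
    return raw.decode("utf-8", "replace")

def root_element(xml_text):
    """Local name of the first element, skipping <?xml ...?> and comments."""
    m = re.search(r"<(?:[\w.-]+:)?([\w.-]+)", xml_text)
    return m.group(1) if m else None

def classify_sso(method, params):
    """params: dict of URL-decoded parameter names to values.
    Returns (protocol, message_kind), or (None, None) if nothing matches."""
    for name in ("SAMLRequest", "SAMLResponse"):
        if name in params:
            try:
                xml = decode_saml(params[name], method == "GET")
                return ("saml", root_element(xml))
            except (TypeError, ValueError, zlib.error):
                return ("saml", None)  # parameter present, payload undecodable
    if "response_type" in params and "client_id" in params:
        scopes = params.get("scope", "").split()
        proto = "oidc" if "openid" in scopes else "oauth2"
        return (proto, "authorization_request")
    if "code" in params and "state" in params:  # heuristic: callback to client
        return ("oauth2", "authorization_response")
    return (None, None)

def constructed_redirect_request():
    """Constructed sample: an AuthnRequest encoded as for HTTP-Redirect."""
    xml = (b'<samlp:AuthnRequest xmlns:samlp='
           b'"urn:oasis:names:tc:SAML:2.0:protocol" ID="_constructed"/>')
    c = zlib.compressobj(9, zlib.DEFLATED, -15)
    return base64.b64encode(c.compress(xml) + c.flush()).decode("ascii")

if __name__ == "__main__":
    print(classify_sso("GET", {"SAMLRequest": constructed_redirect_request()}))
```

The `code` plus `state` rule is only a heuristic and will match unrelated requests that happen to use those parameter names, so a passive check should treat it as a hint rather than a finding.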
