This repository was archived by the owner on Sep 24, 2023. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 16
Expand file tree
/
Copy pathextract-saml-request-infos.py
More file actions
53 lines (46 loc) · 1.58 KB
/
extract-saml-request-infos.py
File metadata and controls
53 lines (46 loc) · 1.58 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
import sys
import base64
import re
import xml.etree.ElementTree as ET # nosec B405
import zlib
import urllib.parse
"""
PIPER script to extract and pretty-display information from a SAML request present in an HTTP request.
Target tool: Message viewers
Require that HTTP headers been passed
No filters needed
"""
DEFAULT_ENCODING = "utf-8"
def decode(saml_content):
# Taken from
# https://github.com/onelogin/python-saml/blob/master/src/onelogin/saml2/utils.py#L98
decoded = urllib.parse.unquote(saml_content)
decoded = base64.b64decode(decoded.encode(DEFAULT_ENCODING))
try:
result = zlib.decompress(decoded, -15)
except Exception:
result = decoded
return result.decode(DEFAULT_ENCODING)
def pretty_print(saml_content):
element = ET.XML(saml_content)
ET.indent(element)
return ET.tostring(element, encoding='unicode')
# Match pattern representing a SAML request structure like the following:
# SAMLRequest=xxxx
expr = r'SAMLRequest=([a-zA-Z0-9%_\-=/+]+)'
# Extract the whole request content
request = "".join(sys.stdin)
# Extract any SAML request
saml_requests = re.findall(expr, request, re.MULTILINE)
count = len(saml_requests)
if count == 0:
print("No SAML request found.")
else:
print(f"{count} SAML request found.")
for saml_request in saml_requests:
try:
saml_request_formatted = pretty_print(decode(saml_request))
print("[+] XML formatted:")
print(saml_request_formatted)
except Exception as e:
print(f"[!] Error during processing of SAML request '{saml_request}':\n{str(e)}")