SAML Raider is a Burp Suite extension for testing SAML infrastructures. It offers two core functions, and the extension is divided accordingly into two main parts: the SAML message editor, for manipulating SAML messages, and the certificate management tool, for managing X.509 certificates.
To test SAML environments more conveniently, add an intercept rule in the Proxy settings: a new rule that matches the parameter name SAMLResponse in the request (a second rule for SAMLRequest catches the messages sent towards the IdP).
If you are working with a custom parameter name for a SAML message, this can be configured in the SAML Raider Certificates tab.
If you do not want SAML Raider to parse your SAML message before sending it to the server (for example, when performing XXE attacks, where parsing and re-serializing the message would strip a DOCTYPE or expand the entities you inserted), you can use the raw mode.
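As an added illustration of what the extension does between the intercept rule and the editor (this is example code, not SAML Raider's own), the script below decodes a SAMLResponse parameter for both the HTTP-POST binding (base64, form-URL-encoded) and the HTTP-Redirect binding (raw DEFLATE, then base64 and URL-encoding), extracts the fields a tester looks at first, and shows why raw mode exists: a parse-and-reserialize round trip with a standard XML parser silently discards an internal-subset DOCTYPE and expands its entities, which is exactly the payload an XXE test depends on. The sample response, the issuer URL and the NameID are constructed for the example; the inflate-or-not detection is an assumption that an uncompressed message starts with `<`.

```python
"""Decode and inspect a SAMLResponse parameter; demonstrate why raw mode is needed.

Added example, not SAML Raider's own code. The sample message below is constructed.
"""
import base64
import urllib.parse
import xml.etree.ElementTree as ET
import zlib

# Constructed sample response: not a real IdP message, and unsigned.
SAMPLE_RESPONSE = (
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0">'
    '<saml:Issuer>https://idp.example.test/metadata</saml:Issuer>'
    '<saml:Assertion ID="_a1" Version="2.0">'
    '<saml:Subject><saml:NameID>alice@example.test</saml:NameID></saml:Subject>'
    '</saml:Assertion></samlp:Response>'
)

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}


def encode_post(xml_text: str) -> str:
    """HTTP-POST binding: base64, then form-URL-encoding of the parameter value."""
    return urllib.parse.quote_plus(base64.b64encode(xml_text.encode()).decode())


def encode_redirect(xml_text: str) -> str:
    """HTTP-Redirect binding: raw DEFLATE (no zlib header), base64, URL-encoding."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)  # wbits=-15 -> raw DEFLATE stream
    data = comp.compress(xml_text.encode()) + comp.flush()
    return urllib.parse.quote_plus(base64.b64encode(data).decode())


def decode_saml_param(value: str) -> str:
    """Undo URL-encoding and base64; inflate only if the result is not already XML.

    Assumption (for this example): an uncompressed SAML message begins with '<',
    so anything else is treated as a raw DEFLATE stream from the Redirect binding.
    """
    raw = base64.b64decode(urllib.parse.unquote_plus(value))
    if raw.lstrip().startswith(b"<"):
        return raw.decode()
    return zlib.decompress(raw, -15).decode()


def summarize(xml_text: str) -> dict:
    """Pull out the issuer, the subject NameID and the assertion count."""
    root = ET.fromstring(xml_text)
    issuer = root.find("saml:Issuer", NS)
    name_id = root.find(".//saml:NameID", NS)
    return {
        "issuer": issuer.text if issuer is not None else None,
        "name_id": name_id.text if name_id is not None else None,
        "assertions": len(root.findall(".//saml:Assertion", NS)),
    }


def reserialize(xml_text: str) -> str:
    """What a 'parse, then re-encode' step does to a message: the DOCTYPE is gone
    and any internal entity reference has been expanded by the parser."""
    return ET.tostring(ET.fromstring(xml_text), encoding="unicode")


if __name__ == "__main__":
    for binding, encoder in (("POST", encode_post), ("Redirect", encode_redirect)):
        print(binding, summarize(decode_saml_param(encoder(SAMPLE_RESPONSE))))
    # An internal-subset DOCTYPE (the skeleton of an XXE probe) does not survive
    # the round trip; this is why such payloads must be sent in raw mode.
    probe = '<!DOCTYPE r [<!ENTITY e "x">]><r>&e;</r>'
    print(reserialize(probe))
```

The `reserialize` step stands in for any tool that rebuilds the message from a DOM before forwarding it: the parser resolves `&e;` to `x` and emits `<r>x</r>`, so the server never sees the DTD you wrote. Sending the parameter untouched is the only way to deliver that kind of test case.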
Author: Roland Bischofberger / Emanuel Duss / Tobias Hort-Giess
Version: 2.3.0
Last updated: 23 May 2025
Estimated system impact: Overall impact: Low (Memory: Low, CPU: Low, General: Low, Scanner: Low)
You can install BApps directly within Burp, via the BApp Store feature in the Burp Extender tool. You can also download them from here, for offline installation into Burp.
You can view the source code for all BApp Store extensions on our GitHub page.
Follow @BApp_Store on Twitter to receive notifications of all BApp releases and updates.
Please note that extensions are written by third party users of Burp, and PortSwigger Web Security makes no warranty about their quality or usefulness for any particular purpose.