PeopleSoft Token Extractor
This extension help test PeopleSoft SSO tokens. The features are:
- Extracts and displays token information based on the decompressed data
- Generates the Hashcat format - to perform brute-force/dictionary attacks in order to obtain the local node password
- Generates a new PSTOKEN value that can be used in order to authenticate as another user (requires knowledge of the local node password)
This is a re-implementation of the TokenChpoken (https://erpscan.com/press-center/blog/peoplesoft-security-part-4-peoplesoft-pentest-using-tokenchpoken-tool/ - link is down) Tool developed by ERPScan.
|Author||Sayed Hamzah, Centurion Information Security|
|Last updated||11 January 2018|
You can install BApps directly within Burp, via the BApp Store feature in the Burp Extender tool. You can also download them from here, for offline installation into Burp.
|You can view the source code for this BApp by visiting our GitHub page.|
|Follow @BApp_Store on Twitter to receive notifications of all BApp releases and updates.|
Please note that extensions are written by third party users of Burp, and PortSwigger Web Security makes no warranty about their quality or usefulness for any particular purpose.