Tuesday, December 7, 2021

Python Script for SAML2 Authentication Passwordspray

SAML2Spray

Python Script for SAML2 Authentication Passwordspraying against Sibboleth and SAP IDPs.

In a recent pentest I came accross the need to passwordspray a SAML2 authentication. As I couldn’t find a ready to go solution, nor was able to do it with burp, I created my own little script to do the job for me.

TL/DR;

The script needs some tweaking to fit you current situation:

The URL for the service you want to access

The URL for the Identity Provider which the Service Provider will redi…

Read More

Latest news
Related news