SAML Pummel is a BeanShell plug-in for WebScarab. It automates eight different injection attacks to assist in auditing the implementation of SAML 2.0 single sign-on systems.
- C14N Entity Expansion
- C14N Transforms
- Remote DTD
- Remote KeyInfo RetrievalMethod
- Remote KeyInfo WSSE Security Token Reference
- SignedInfo Remote Reference
- XSLT Transform URL Retrieval (Xalan)
- XSLT Transform Thread Suspension (Xalan)
Prerequisites:
- Java Runtime Environment 1.5 or greater
- WebScarab (modified self-contained jar included)
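
For the receiving side of such an audit, here is an added example (not part of SAML Pummel or WebScarab): a Python pre-validation check that flags the XML constructs the attack classes listed above rely on, without resolving any of them. The function name, finding codes and sample are constructed for illustration, and the mapping to the list is coarse.

```python
import xml.parsers.expat

DS = "http://www.w3.org/2000/09/xmldsig#"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
# Transforms SAML 2.0 core expects in a message signature; others (XSLT, XPath) are flagged.
ALLOWED_TRANSFORMS = {
    DS + "enveloped-signature",
    "http://www.w3.org/2001/10/xml-exc-c14n#",
    "http://www.w3.org/2001/10/xml-exc-c14n#WithComments",
}

class _Stop(Exception):
    """Raised from a handler to abort parsing at the DOCTYPE."""

def audit_saml(xml_bytes):
    """Return finding codes (hypothetical names) for one SAML message."""
    findings = []

    def on_doctype(name, sysid, pubid, has_internal_subset):
        findings.append("doctype")
        raise _Stop  # stop before any entity declaration is processed

    def on_start(name, attrs):
        ns, _, local = name.rpartition(" ")
        if ns == DS and local == "RetrievalMethod":
            findings.append("keyinfo-retrievalmethod")
        elif ns == WSSE and local == "SecurityTokenReference":
            findings.append("wsse-security-token-reference")
        elif ns == DS and local == "Reference":
            # SAML signatures reference the signed element's ID in the same document.
            if not attrs.get("URI", "").startswith("#"):
                findings.append("reference-not-same-document")
        elif ns == DS and local == "Transform":
            if attrs.get("Algorithm") not in ALLOWED_TRANSFORMS:
                findings.append("transform-not-allowed")

    parser = xml.parsers.expat.ParserCreate(namespace_separator=" ")
    parser.StartDoctypeDeclHandler = on_doctype
    parser.StartElementHandler = on_start
    try:
        parser.Parse(xml_bytes, True)
    except _Stop:
        pass
    except xml.parsers.expat.ExpatError:
        findings.append("malformed-xml")
    return findings

# Constructed sample: a signature fragment that declares an XSLT transform.
SAMPLE = b"""<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo><ds:Reference URI="#_a1"><ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"/>
</ds:Transforms></ds:Reference></ds:SignedInfo></ds:Signature>"""
```

A non-empty result from `audit_saml` is a reason to reject the message before it reaches signature validation.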