The Burp Suite Extension EsPReSSO helps in the detection of various Single Sign-On protocols. It supports SAML, OpenID, OAuth, BrowserId, OpenID Connect, Facebook Connect and Microsoft Account. EsPReSSO passively analyzes the HTTP traffic and automatically highlights Single Sign-On messages in the Burp Suite proxy.

In addition, EsPReSSO provides editors for SAML and JSON Web tokens allowing to edit them easily. In addition, XML Signature Wrapping attack vectors can be created for SAML using the built-in WS-Attacker library.

To the project page