Hunt authentication bypass vulnerabilities
hunt-auth-bypass · skill · setup L1 · ★1,791
elementalsouls/Claude-BugHunter
What it does
Exploit SAML/JWT/XMLRPC authentication-bypass vulnerabilities in SSO flows
Best for
SSO security testing when SAML signature stripping and parser-differential attacks apply.
Inputs
- SAML assertion or JWT token
- SSO endpoint
Outputs
- SAML XSW (XML Signature Wrapping) payload
- signature-stripping bypass
- JWT alg-confusion payload
Requires
- Burp SAML editor plugin
- jwt-forge
- curl
Preconditions
SAML or JWT-based SSO; no signature validation hardening
Failure modes
SAML validation already implemented (signature validation, namespace checking); parser hardened
Trust signals
- Built from 12 public HackerOne reports (GitHub Enterprise, Slack, Uber, Rocket.Chat)
- SAML XSW + signature-stripping + domain-bypass patterns
- JWT alg-confusion + signature-validation skip