Skip to content

sig1nt/SWArevealer

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
.gitignore
.gitignore
 
 
README.md
README.md
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
main.go
main.go
 
 

Repository files navigation

SWArevealer

This is an implementation of the attack described in https://pushsecurity.com/blog/okta-swa/, all credit for discovery goes to them.

I was specifically interested in the threat of "An attacker who has user credentials on an account which has password visibility disabled can get access to passwords".

Build

One the repository is cloned, it can be built with:

go build

Usage

In order to run, this code needs the base url of your tenant (https://.okta.com), as well as the username and password for an account. It will enumerate all SWA's assigned to that account and extract the password via the method in the referenced blog post

Limitations

  • This currently does not support MFA, but it would be trivial to add by modifying the getSidForClient method. I might get around to this at some point, but if you get there first, feel free to send over a PR ;).

  • There's a parsing bug with the state token where sometimes a state token is given that has characters which are invalid to put in a cookie. This throws a general error and the causes the tool to stop. My workaround for this is to just run the tool again.

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

2 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages