none
BRM Analyzer bugs

    General discussion

  • This post is to keep track of bugs in the BRM analyzer:

      * when I mouseover "Cookies:", "Arguments:", etc, these words are highlighted, which doesn't make sense.

      * cannot add a propagation link from BRM3->wreply to BRM ->dst in the investigation case of sts->benefits.

    *






    Tuesday, January 24, 2012 11:43 PM
    Owner

All replies

  • Dear All,


    We are three Ph.D students from National University of Singapore, studying on security protocol verification recently.

    We just used your BRM analyzer tool (http://sso-analysis.org/) for some analysis work these days, and have met a problem that we can't solve.


    Here is the problem:

    As per the tutorial on your page(http://sso-analysis.org/aaas/brm-analyzer.html), we recorded the traffic messages from Firefox browser (version 11.0) using Live HTTP Header add-on, and saved them into three txt files (one for the first test with user1, one for the second test with user1 on the same machine, and last one for the test with user2 also on the same machine, exactly as what you present in the tutorial). Then we submitted these three files on the submitting page, chose the facebook.com as our IdP and sears.com as our RP which exactly are the ID provider and relying party in our test, and start the test. Unfortunately, there will always be an error occurs, which says 


    error:

    getFormatStr({"isKEYWORD":0,"isKEYWORD_LIST":0,"isSTRING":0,"isNUMBER":0,"isURL":0,"isJSON";0}) 


    We have never got any result of the analysis and can't figure out what is wrong. 

    Could you please help us!!?

    Friday, March 30, 2012 2:44 PM
  • Dear All,


    We are three Ph.D students from National University of Singapore, studying on security protocol verification recently.

    We just used your BRM analyzer tool (http://sso-analysis.org/) for some analysis work these days, and have met a problem that we can't solve.


    Here is the problem:

    As per the tutorial on your page(http://sso-analysis.org/aaas/brm-analyzer.html), we recorded the traffic messages from Firefox browser (version 11.0) using Live HTTP Header add-on, and saved them into three txt files (one for the first test with user1, one for the second test with user1 on the same machine, and last one for the test with user2 also on the same machine, exactly as what you present in the tutorial). Then we submitted these three files on the submitting page, chose the facebook.com as our IdP and sears.com as our RP which exactly are the ID provider and relying party in our test, and start the test. Unfortunately, there will always be an error occurs, which says 


    error:

    getFormatStr({"isKEYWORD":0,"isKEYWORD_LIST":0,"isSTRING":0,"isNUMBER":0,"isURL":0,"isJSON";0}) 


    We have never got any result of the analysis and can't figure out what is wrong. 

    Could you please help us!!?

    I have exactly the same problem, could you please look into it? I'd love to use your tool to improve our product!


    Btw, I tried it on several browsers (FireFox 11 on mac, Chrome 18 on mac, IE8 on Windows) all with the same result.
    Tuesday, April 03, 2012 7:28 AM
  • Dear All,


    We are three Ph.D students from National University of Singapore, studying on security protocol verification recently.

    We just used your BRM analyzer tool (http://sso-analysis.org/) for some analysis work these days, and have met a problem that we can't solve.


    Here is the problem:

    As per the tutorial on your page(http://sso-analysis.org/aaas/brm-analyzer.html), we recorded the traffic messages from Firefox browser (version 11.0) using Live HTTP Header add-on, and saved them into three txt files (one for the first test with user1, one for the second test with user1 on the same machine, and last one for the test with user2 also on the same machine, exactly as what you present in the tutorial). Then we submitted these three files on the submitting page, chose the facebook.com as our IdP and sears.com as our RP which exactly are the ID provider and relying party in our test, and start the test. Unfortunately, there will always be an error occurs, which says 


    error:

    getFormatStr({"isKEYWORD":0,"isKEYWORD_LIST":0,"isSTRING":0,"isNUMBER":0,"isURL":0,"isJSON";0}) 


    We have never got any result of the analysis and can't figure out what is wrong. 

    Could you please help us!!?

    I have exactly the same problem, could you please look into it? I'd love to use your tool to improve our product!


    Btw, I tried it on several browsers (FireFox 11 on mac, Chrome 18 on mac, IE8 on Windows) all with the same result.

    Thanks for helping us improve the service. We are working on a fix. We will let you know once the update is live.

    Rui Wang

    Friday, April 06, 2012 5:21 AM
    Owner
  • Dear All,


    We are three Ph.D students from National University of Singapore, studying on security protocol verification recently.

    We just used your BRM analyzer tool (http://sso-analysis.org/) for some analysis work these days, and have met a problem that we can't solve.


    Here is the problem:

    As per the tutorial on your page(http://sso-analysis.org/aaas/brm-analyzer.html), we recorded the traffic messages from Firefox browser (version 11.0) using Live HTTP Header add-on, and saved them into three txt files (one for the first test with user1, one for the second test with user1 on the same machine, and last one for the test with user2 also on the same machine, exactly as what you present in the tutorial). Then we submitted these three files on the submitting page, chose the facebook.com as our IdP and sears.com as our RP which exactly are the ID provider and relying party in our test, and start the test. Unfortunately, there will always be an error occurs, which says 


    error:

    getFormatStr({"isKEYWORD":0,"isKEYWORD_LIST":0,"isSTRING":0,"isNUMBER":0,"isURL":0,"isJSON";0}) 


    We have never got any result of the analysis and can't figure out what is wrong. 

    Could you please help us!!?

    I have exactly the same problem, could you please look into it? I'd love to use your tool to improve our product!


    Btw, I tried it on several browsers (FireFox 11 on mac, Chrome 18 on mac, IE8 on Windows) all with the same result.


    Thanks for helping us improve the service. We are working on a fix. We will let you know once the update is live.

    Rui Wang

    Change has been checked in. Please feel free to test. Let us know any problems that you are aware. Thanks a lot for helping us improve.

    Rui Wang

    Friday, April 06, 2012 6:18 PM
    Owner
  • Hi Rui,

    Thanks for fixing the previous bug! 

    It does work now! However, I still do get an exception (now on the page where I have to exclude non important resources). But when I wait the results do get loaded.

    error: getFormatStr({"isKEYWORD":0,"isKEYWORD_LIST":0,"isSTRING":0,"isNUMBER":0,"isURL":0,"isJSON":0})

    Regards,
    Stein

    Tuesday, April 10, 2012 1:36 PM
  • Hi Rui,

    Thanks for fixing the previous bug! 

    It does work now! However, I still do get an exception (now on the page where I have to exclude non important resources). But when I wait the results do get loaded.

    error: getFormatStr({"isKEYWORD":0,"isKEYWORD_LIST":0,"isSTRING":0,"isNUMBER":0,"isURL":0,"isJSON":0})

    Regards,
    Stein

    Stein,

    You got this error because there is a data field which we cannot determine the format. We will fix this in the near future. But it does not block your use of the tool. In addition, if you see any data whose format is incorrect or missed, you can directly edit it. The way to do it is to click on the field, then a window will show up, in which you can do all the editing.

    Let us know if you have any further questions.

    Thanks,

    Rui


    Rui Wang

    Wednesday, April 11, 2012 5:37 PM
    Owner
  • wresult format is URL, and it causes display issue.

    Rui Wang

    Wednesday, May 16, 2012 4:47 PM
    Owner
  • Hi,

    I am trying to upload files in the same format as described in instructions. All I am getting from BRM Analyzer is a blank page with tiltle: "A Test Page".

    Wednesday, October 10, 2012 7:08 PM
  • I am able to do it now. Its fixed!! :)
    Wednesday, October 10, 2012 9:52 PM
  • Hi, I am again trying to run tests on BRM analyzer but it just displays a blank test page on Internet explorer and Fire Fox. On Google Chrome and Safari Browsers: it renders a page that asks to identify the domains of IdP and RPs followed by a scroll. But there is no option to make a selection and start analysis button is unresponsive.

    Secondly, in the research paper, it is written that after identifying the write-able fields in the BRM messages, the researchers were able to change the contents of that field and that let them Bob (adversary) log in as Alice. How to change the contents for real time analysis?

    Thanks,

    Hassan

    Thursday, November 01, 2012 8:08 PM
  • Hi, I am again trying to run tests on BRM analyzer but it just displays a blank test page on Internet explorer and Fire Fox. On Google Chrome and Safari Browsers: it renders a page that asks to identify the domains of IdP and RPs followed by a scroll. But there is no option to make a selection and start analysis button is unresponsive.

    Secondly, in the research paper, it is written that after identifying the write-able fields in the BRM messages, the researchers were able to change the contents of that field and that let them Bob (adversary) log in as Alice. How to change the contents for real time analysis?

    Thanks,

    Hassan


    fixed.

    Rui Wang

    Friday, November 30, 2012 1:03 AM
    Owner