WebApp Sec mailing list archives

Re: SOAP inspection / tampering tools?


From: "Adam Tuliper" <amt () gecko-software com>
Date: Thu, 16 Sep 2004 09:46:50 -0400

Achilles at
http://achilles.mavensecurity.com/

Burp proxy
http://www.portswigger.net/proxy/help.html

for a bit more in-depth but open source - SPIKE Proxy
http://www.immunitysec.com/resources-freesoftware.shtml

none SOAP-specific per se but great at acting as a man in
the middle for altering/inspection


On Wed, 15 Sep 2004 10:11:23 +0200
 "Sebastien Deleersnyder" <sdl () ascure com> wrote:
Hi,

Are there any open-source / commercial tools available for inspection /
modification of SOAP traffic to perform audits on its security?
I am thinking of a local proxy-like program through which SOAP traffic
is channeled by e.g. modifying localhost : redirect traffic destined
for target.com to 127.0.0.1
The tool would allow for changing the SOAP content both in the
request/reply.
I imagine that this only makes sense if the SOAP goes over HTTP; HTTPS
protects against sniffing.

I know there are commercial tools available to scan a SOAP server for
vulnerabilities, such as

* ScanDo (Kavado)
* AppScan (Sanctum, now WatchFire)

How good are these in finding problems with SOAP calls?
Are there open-source equivalents?

Thank you,

Kind regards,

Sebastien
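
The proxy-style inspection and modification asked about in the quoted message comes down to parsing each intercepted request, reading the SOAP body, and re-serialising it with a corrected Content-Length. The sketch below is an added example, not code from either poster or from any of the tools named; the request is constructed for a hypothetical GetQuote operation on target.com, and all function names are illustrative.

```python
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"  # SOAP 1.1 envelope namespace
ET.register_namespace("soap", SOAP_NS)  # keep a readable prefix when re-serialising

# Constructed sample: one request as a local proxy would receive it from the client.
BODY = (b'<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">'
        b'<soap:Body><GetQuote xmlns="urn:example"><symbol>ACME</symbol>'
        b'<qty>1</qty></GetQuote></soap:Body></soap:Envelope>')
SAMPLE = (b'POST /service HTTP/1.1\r\nHost: target.com\r\n'
          b'Content-Type: text/xml; charset=utf-8\r\n'
          b'SOAPAction: "urn:example:GetQuote"\r\n'
          b'Content-Length: %d\r\n\r\n' % len(BODY)) + BODY

def split_http(raw):
    """Split a raw HTTP message into (start line, [(name, value)], body bytes)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    headers = [tuple(p.strip() for p in line.split(":", 1)) for line in lines[1:]]
    return lines[0], headers, body

def soap_body_node(root):
    """Return the soap:Body element, or fail if this is not a SOAP 1.1 envelope."""
    node = root.find(f"{{{SOAP_NS}}}Body")
    if node is None:
        raise ValueError("not a SOAP 1.1 envelope")
    return node

def soap_fields(body):
    """Inspection: {local name: text} for every leaf element under soap:Body."""
    leaves = (el for el in soap_body_node(ET.fromstring(body)).iter() if len(el) == 0)
    return {el.tag.split("}")[-1]: (el.text or "") for el in leaves}

def rewrite(raw, field, value):
    """Modification: set every <field> under soap:Body to value, fix Content-Length."""
    start, headers, body = split_http(raw)
    root = ET.fromstring(body)
    hits = [el for el in soap_body_node(root).iter() if el.tag.split("}")[-1] == field]
    if not hits:
        raise KeyError(field)
    for el in hits:
        el.text = value
    new_body = ET.tostring(root, encoding="utf-8")  # unregistered prefixes become ns0, ns1, ...
    headers = [(k, str(len(new_body)) if k.lower() == "content-length" else v)
               for k, v in headers]
    head = "\r\n".join([start] + [f"{k}: {v}" for k, v in headers])
    return head.encode("iso-8859-1") + b"\r\n\r\n" + new_body

if __name__ == "__main__":
    print(soap_fields(split_http(SAMPLE)[2]))
    print(rewrite(SAMPLE, "qty", "-1").decode())
```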
