WebApp Sec mailing list archives

Re: SOAP inspection / tampering tools?

From: "if0ff () softhome net" <if0ff () softhome net>
Date: Thu, 16 Sep 2004 22:36:12 +0200

Check out XMLSpy. You can feed an WSDL file in order to use the provided
methods of a particular webservice. It's a commercial tool but trial
licence can be obtained for free.

http://www.xmlspy.com/download_spy_enterprise.html

Greets

if0ff


Sebastien Deleersnyder wrote:

Hi,
 
Are there any open-source / commercial tools available for inspection /
modification of 
SOAP traffic to perform audits on its security?
I am thinking of a local proxy-like program through which SOAP traffic
is channeled 
by e.g. modifying localhost : redirect traffic destined for target.com
to 127.0.0.1
The tool would allow for changing the SOAP content both in the
request/reply.
I imagine that this only makes sense if the SOAP goes over HTTP, HTTPS
protects against sniffing.
 
I know there are commercial tools available to scan a SOAP server on
vulnerabilities, such as

*     ScanDo (Kavado)
*     AppScan (Sanctum, now WatchFire)

How good are these in finding problems with SOAP calls?
Are there open-source equivalents?
 
Thank you,
 
Kind regards,
 
Sebastien

Current thread:

SOAP inspection / tampering tools? Sebastien Deleersnyder (Sep 16)
- Re: SOAP inspection / tampering tools? David Nester (Sep 16)
- Re: SOAP inspection / tampering tools? Adam Tuliper (Sep 16)
- Re: SOAP inspection / tampering tools? Rogan Dawes (Sep 16)
- Re: SOAP inspection / tampering tools? Yuri Demchenko (Sep 18)
- Re: SOAP inspection / tampering tools? Adam Tuliper (Sep 18)
- Re: SOAP inspection / tampering tools? if0ff () softhome net (Sep 18)
- Re: SOAP inspection / tampering tools? Mads Rasmussen (Sep 18)
- Re: SOAP inspection / tampering tools? enrico sabbadin @ sabbasoft (Sep 19)
- <Possible follow-ups>
- RE: SOAP inspection / tampering tools? Matt Fisher (Sep 16)
- RE: SOAP inspection / tampering tools? Bob Auger (Sep 18)