WebApp Sec mailing list archives

RE: SOAP Debugger - a simple, generic SOAP client


From: "Bob Auger" <bauger () spidynamics com>
Date: Fri, 17 Jun 2005 09:36:59 -0400

Hello Chuck,


SPI Dynamics has a tool called the 'SOAP Editor' which allows parsing of WSDL files, and sending raw requests. 
Additional information on this tool including screenshots can be found in the white paper below.

"SOAP Web Services Attacks Part1 - Introduction and Simple Injection: Are your web applications vulnerable?"
http://www.spidynamics.com/assets/documents/SOAP_Web_Security.pdf


- Robert Auger
SPI Labs


-----Original Message-----
From: Chuck [mailto:chuck.lists () gmail com]
Sent: Wednesday, June 15, 2005 1:03 PM
To: webappsec () securityfocus com
Subject: SOAP Debugger - a simple, generic SOAP client


Hi all,

   I was looking for web service tools and I came across SOAP
Debugger, available at http://shh.thathost.com/pub-java/.  Has anyone
used it?  It is a neat little Java program (with a GUI) where you feed
it a WSDL file and it lets you craft a request to the web service and
displays the result.  I tried it with the GoogleAPI wsdl and it worked
for the spell check function, but it gave an error on the output from
the search... I guess that it couldn't interpret the result because it
was not a basic type.  The author says that he wrote it to fulfil his
one-time requirements and is now on to other things so he will not do
any work on it, but it is open source.

   So, I was thinking about messing around with this, at least getting
it to use a proxy so that I could run it through WebScarab and maybe
even seeing if I could alter it to be a WebScarab plugin.  It would be
great to have some fuzzing ability, too.  But, before I did any work
on it, I wanted to check to see if there is anything else better
already out there.  Anyone know of anything?

Chuck

