WebApp Sec mailing list archives
RE: SOAP Debugger - a simple, generic SOAP client
From: "Ory Segal" <osegal () watchfire com>
Date: Fri, 17 Jun 2005 17:25:51 +0300
Hi, There's also a freeware tool written in .NET, which performs the same action. You can find it at: http://www.gotdotnet.com/team/tools/web_svc/default.aspx It's called WebServiceStudio -Ory -----Original Message----- From: Bob Auger [mailto:bauger () spidynamics com] Sent: Friday, June 17, 2005 4:37 PM To: Chuck; webappsec () securityfocus com Subject: RE: SOAP Debugger - a simple, generic SOAP client Hello Chuck, SPI Dynamics has a tool called the 'SOAP Editor' which allows parsing of WSDL files, and sending raw requests. Additional information on this tool including screenshots can be found in the white paper below. "SOAP Web Services Attacks Part1 - Introduction and Simple Injection: Are your web applications vulnerable?" http://www.spidynamics.com/assets/documents/SOAP_Web_Security.pdf - Robert Auger SPI Labs -----Original Message----- From: Chuck [mailto:chuck.lists () gmail com] Sent: Wednesday, June 15, 2005 1:03 PM To: webappsec () securityfocus com Subject: SOAP Debugger - a simple, generic SOAP client Hi all, I was looking for web service tools and I came across SOAP Debugger, available at http://shh.thathost.com/pub-java/. Has anyone used it? It is a neat little Java program (with a GUI) where you feed it a WSDL file and it lets you craft a request to the web service and displays the result. I tried it with the GoogleAPI wsdl and it worked for the spell check function, but it gave an error on the output from the seach... I guess that it couldn't interpret the result because it was not a basic type. The author says that he wrote it to fulfil his one time requirements and is now on to other things so he will not do any work on it, but it is open source. So, I was thinking about messing around with this, at least getting it to use a proxy so that I could run it through WebScarab and maybe even seeing if I could alter it to be a WebScarab plugin. It would be great to have some fuzzing ability, too. But, before I did any work on it, I wanted to check to see if there is anything else better already out there. Anyone know of anything? Chuck
Current thread:
- SOAP Debugger - a simple, generic SOAP client Chuck (Jun 15)
- Re: SOAP Debugger - a simple, generic SOAP client Zhiguly Hotel (Jun 16)
- Re: SOAP Debugger - a simple, generic SOAP client Sverre H. Huseby (Jun 16)
- <Possible follow-ups>
- Re: SOAP Debugger - a simple, generic SOAP client asmolen (Jun 16)
- RE: SOAP Debugger - a simple, generic SOAP client Smith, Carl (Jun 17)
- RE: SOAP Debugger - a simple, generic SOAP client Bob Auger (Jun 17)
- RE: SOAP Debugger - a simple, generic SOAP client Ory Segal (Jun 17)
- Re: SOAP Debugger - a simple, generic SOAP client Chuck (Jun 17)
- Message not available
- Fwd: SOAP Debugger - a simple, generic SOAP client Rush Molekilla (Jun 18)
- Re: SOAP Debugger - a simple, generic SOAP client Chuck (Jun 17)