The Ethical Hacker Network - How to create a local client to consume web service?

EH-Net > Ethical Hacking Discussions and Related Certifications > Web Applications (Moderator: don) > How to create a local client to consume web service?

Pages: [1] Go Down

« previous next »

	Author	Topic: How to create a local client to consume web service? (Read 3441 times)
0 Members and 1 Guest are viewing this topic.

cgseymour

Newbie

Offline

Posts: 3

How to create a local client to consume web service?

« on: May 14, 2010, 07:14:34 AM »

Hello,
I am a somewhat newbie pen-tester. I have been tasked by my company to pen test one of our web sites (Silverlight, ASP.Net).
The WSDL is not published.

How could I go about creating a local client to try to consume some of the web services?

Any articles, books, tutorials or pointers would be greatly appreciated.

Thanks.

Chris


	Logged

Dengar13

Sr. Member

Offline

Posts: 380

Re: How to create a local client to consume web service?

« Reply #1 on: May 14, 2010, 07:56:00 AM »

Hello and welcome to the forum!

I am sorry if I do not understand what you are exactly asking; what do you mean when by "creating a local client to try to consume some of the web services?"

Are you saying that the site(s) are in the developmental stages and you want to run local pen tests?

Please clarify.


	Logged

A+, Net+, MCP, CEH
MCSE: Security/Messaging
MCSA: Security/Messaging
Former U.S. Marine and damn proud of it!

cgseymour

Newbie

Offline

Posts: 3

Re: How to create a local client to consume web service?

« Reply #2 on: May 14, 2010, 11:08:39 AM »

Sorry I wasn't more clear
What I would like to be able to do, is to see if I could create a local client (say in c#) that would call the remote web service to see if I can return information from the service without proper authorization.

So within the company application this service would require authorization and authentication -- I want to see if it is possible to access the web service without the proper credentials and determine if any of th company data could be at risk

I hope that makes more sense.

Thanks.


	Logged

Ketchup

Hero Member

Offline

Posts: 1021

Re: How to create a local client to consume web service?

« Reply #3 on: May 14, 2010, 12:04:54 PM »

I may be missing something, but I don't think that you have to write anything for that. Fire up any intercepting proxy based tool, like Burp or WebScarab, access your web application through the proxy. It will begin to record all requests. You can then manipulate those requests and replay them, all in the tool.


	Logged

~~~~~~~~~~~~~~
Ketchup

H1t M0nk3y

Hero Member

Offline

Posts: 864

Re: How to create a local client to consume web service?

« Reply #4 on: May 14, 2010, 02:03:32 PM »

Hey,

I have wrote several web services myself for a "Big Bank" and the best tool to use is soapUI http://www.soapui.org/. Very easy to use.

Quote

The WSDL is not published

What do you mean by the WSDL is not published? It should always be... That's one of the fundamental piece of SOAP. Do you mean there is no "publicity" about them or they aren't available at all? If they aren't available, then soapUI isn't the best tool...


	Logged

OSCP, GPEN, GWAPT, GSEC, CEH, CISSP

Pages: [1] Go Up

« previous next »

Jump to: