How to create a local client to consume web service?

Viewing 4 reply threads
  • Author
    Posts
    • #5047
      cgseymour
      Participant

      Hello,
      I am a somewhat newbie pen-tester.  I have been tasked by my company to pen test one of our web sites (Silverlight, ASP.Net).
      The WSDL is not published.

      How could I go about creating a local client to try to consume some of the web services?

      Any articles, books, tutorials or pointers would be greatly appreciated.

      Thanks.

      Chris

    • #32020
      Dengar13
      Participant

      Hello and welcome to the forum!

      I am sorry if I do not understand what you are exactly asking; what do you mean when by “creating a local client to try to consume some of the web services?”

      Are you saying that the site(s) are in the developmental stages and you want to run local pen tests?

      Please clarify. 

    • #32021
      cgseymour
      Participant

      Sorry I wasn’t more clear
      What I would like to be able to do, is to see if I could create a local client (say in c#) that would call the remote web service to see if I can return information from the service without proper authorization.

      So within the company application this service would require authorization and authentication — I want to see if it is possible to access the web service without the proper credentials and determine if any of th company data could be at risk

      I hope that makes more sense.

      Thanks.

    • #32022
      Ketchup
      Participant

      I may be missing something, but I don’t think that you have to write anything for that.  Fire up any intercepting proxy based tool, like Burp or WebScarab, access your web application through the proxy.  It will begin to record all requests.  You can then manipulate those requests and replay them, all in the tool. 

    • #32023
      caissyd
      Participant

      Hey,

      I have wrote several web services myself for a “Big Bank” and the best tool to use is soapUI http://www.soapui.org/. Very easy to use.

      The WSDL is not published

      What do you mean by the WSDL is not published? It should always be… That’s one of the fundamental piece of SOAP. Do you mean there is no “publicity” about them or they aren’t available at all? If they aren’t available, then soapUI isn’t the best tool…

Viewing 4 reply threads
  • You must be logged in to reply to this topic.

Copyright ©2020 Caendra, Inc.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.

Sending

Sign in with Caendra

Forgot password?Sign up

Forgot your details?