.

How to create a local client to consume web service?

<<

cgseymour

Newbie
Newbie

Posts: 3

Joined: Thu May 14, 2009 8:32 am

Post Fri May 14, 2010 7:14 am

How to create a local client to consume web service?

Hello,
I am a somewhat newbie pen-tester.  I have been tasked by my company to pen test one of our web sites (Silverlight, ASP.Net).
The WSDL is not published.

How could I go about creating a local client to try to consume some of the web services?

Any articles, books, tutorials or pointers would be greatly appreciated.

Thanks.

Chris
<<

Dengar13

User avatar

Sr. Member
Sr. Member

Posts: 380

Joined: Tue Sep 20, 2005 8:43 am

Location: The Steel City

Post Fri May 14, 2010 7:56 am

Re: How to create a local client to consume web service?

Hello and welcome to the forum!

I am sorry if I do not understand what you are exactly asking; what do you mean when by "creating a local client to try to consume some of the web services?"

Are you saying that the site(s) are in the developmental stages and you want to run local pen tests?

Please clarify. 
A+, Net+, MCP, CEH
MCSE: Security/Messaging
MCSA: Security/Messaging
Former U.S. Marine and damn proud of it!
<<

cgseymour

Newbie
Newbie

Posts: 3

Joined: Thu May 14, 2009 8:32 am

Post Fri May 14, 2010 11:08 am

Re: How to create a local client to consume web service?

Sorry I wasn't more clear
What I would like to be able to do, is to see if I could create a local client (say in c#) that would call the remote web service to see if I can return information from the service without proper authorization.

So within the company application this service would require authorization and authentication -- I want to see if it is possible to access the web service without the proper credentials and determine if any of th company data could be at risk

I hope that makes more sense.

Thanks.
<<

Ketchup

User avatar

Hero Member
Hero Member

Posts: 1021

Joined: Fri Jul 04, 2008 7:44 pm

Location: Philadelphia, PA

Post Fri May 14, 2010 12:04 pm

Re: How to create a local client to consume web service?

I may be missing something, but I don't think that you have to write anything for that.  Fire up any intercepting proxy based tool, like Burp or WebScarab, access your web application through the proxy.  It will begin to record all requests.  You can then manipulate those requests and replay them, all in the tool. 
~~~~~~~~~~~~~~
Ketchup
<<

caissyd

User avatar

Hero Member
Hero Member

Posts: 894

Joined: Thu Dec 31, 2009 11:20 am

Location: Ottawa, Canada

Post Fri May 14, 2010 2:03 pm

Re: How to create a local client to consume web service?

Hey,

I have wrote several web services myself for a "Big Bank" and the best tool to use is soapUI http://www.soapui.org/. Very easy to use.

The WSDL is not published

What do you mean by the WSDL is not published? It should always be... That's one of the fundamental piece of SOAP. Do you mean there is no "publicity" about them or they aren't available at all? If they aren't available, then soapUI isn't the best tool...
OSCP, GPEN, GWAPT, GSEC, CEH, CISSP
(aka H1t.M0nk3y)

Return to Web Applications

Who is online

Users browsing this forum: No registered users and 1 guest

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software