
SOAP Web Services Vulnerability Scanner/Methodology


caissyd

Hero Member

Posts: 894

Joined: Thu Dec 31, 2009 11:20 am

Location: Ottawa, Canada

Post Tue Nov 20, 2012 9:34 am

Re: SOAP Web Services Vulnerability Scanner/Methodology

Thanks MaXe,

But other than what we have listed earlier, what features would you like to see in this WS Scanner?

Guys, I am very serious about writing a tool for that...
OSCP, GPEN, GWAPT, GSEC, CEH, CISSP
(aka H1t.M0nk3y)

MaXe

Hero Member

Posts: 671

Joined: Tue Aug 17, 2010 9:49 am

Post Tue Nov 20, 2012 7:04 pm

Re: SOAP Web Services Vulnerability Scanner/Methodology

The ability to request ?wsdl from a URL where it isn't specified by default, form the XML request without redundant headers (e.g. the same header mentioned several times), interpreting WS-Security error messages and relaying them to the user saying e.g. "You need to specify a valid username and password", and when the basic request has been formed, the ability to fuzz each field, look at the response for both returned values and error messages and report that to the user :-)

In essence, creating a working XML request can sometimes be tricky with some clients where their ?wsdl specifies another endpoint than what you have been given, so the tool should also be able to use a hardcoded ?wsdl URL that does not change even if the ?wsdl says otherwise. The tool should accept sample requests provided by the user, which the user knows are working, bypassing the initial phase/process in the program of creating a working XML request that responds as it should.

Just some ideas and the most annoying issues I have come across when testing.

Oh yeah, the tool should be able to proxy as well, so it can go through Burp, etc.

I am mostly experiencing issues with a WSDL defining too much (useless) information and incorrect endpoints when I am testing a WSDL that has just been moved from one location to another (from production to development) where the WSDL hasn't been updated.
I'm an InterN0T'er
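
The endpoint problem described in the post above, as an added example (not code from this thread or from the tool under discussion): it reads the `<soap:address>` a WSDL advertises, flags one that points at a different host than the WSDL was fetched from, and lets a tester-supplied endpoint override it. The sample WSDL, the example.com hosts and the function names are constructed for illustration; falling back to the fetched URL when the hosts differ is an assumption of this example.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

WSDL_PORT = "{http://schemas.xmlsoap.org/wsdl/}port"
SOAP_ADDRESS = {
    "{http://schemas.xmlsoap.org/wsdl/soap/}address",    # SOAP 1.1
    "{http://schemas.xmlsoap.org/wsdl/soap12/}address",  # SOAP 1.2
}

# Constructed sample: a WSDL moved from production to a dev host whose
# <soap:address> was never updated.
SAMPLE_WSDL = """<definitions xmlns="http://schemas.xmlsoap.org/wsdl/"
    xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" name="Orders">
  <service name="OrderService">
    <port name="OrderPort" binding="OrderBinding">
      <soap:address location="https://prod.example.com/ws/orders"/>
    </port>
  </service>
</definitions>"""


def advertised_endpoints(wsdl_text):
    """Return [(port name, location)] for each SOAP port in the WSDL."""
    # For WSDLs fetched from untrusted hosts, defusedxml.ElementTree is the
    # safer parser: it rejects entity declarations by default.
    root = ET.fromstring(wsdl_text)
    return [(port.get("name"), addr.get("location"))
            for port in root.iter(WSDL_PORT)
            for addr in port if addr.tag in SOAP_ADDRESS]


def resolve_endpoint(wsdl_url, wsdl_text, pinned=None):
    """Choose where requests go; return (endpoint, notes for the tester)."""
    fetched = urlsplit(wsdl_url)
    same_host, notes = [], []
    for name, location in advertised_endpoints(wsdl_text):
        adv = urlsplit(location)
        if (adv.scheme, adv.netloc) == (fetched.scheme, fetched.netloc):
            same_host.append(location)
        else:
            notes.append(f"port {name}: WSDL advertises {location} "
                         f"but was fetched from {fetched.netloc}")
    if pinned:            # tester-supplied endpoint always wins
        return pinned, notes
    if same_host:         # WSDL agrees with the host under test
        return same_host[0], notes
    # Assumption of this example: never follow a stale off-host address;
    # fall back to the URL the WSDL was fetched from, minus "?wsdl".
    return fetched._replace(query="").geturl(), notes
```

The returned notes are what a tool would show the tester before any request is sent, so traffic meant for a development copy is not silently directed at the production address left in the WSDL.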

hayabusa

Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Tue Nov 20, 2012 7:57 pm

Re: SOAP Web Services Vulnerability Scanner/Methodology

MaXe wrote: I am mostly experiencing issues with a WSDL defining too much (useless) information and incorrect endpoints when I am testing a WSDL that has just been moved from one location to another (from production to development) where the WSDL hasn't been updated.


++1 to the 'useless' data piece (and the rest, but definitely that)
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP, GPEN, C|EH

caissyd

Hero Member

Posts: 894

Joined: Thu Dec 31, 2009 11:20 am

Location: Ottawa, Canada

Post Wed Nov 21, 2012 7:52 am

Re: SOAP Web Services Vulnerability Scanner/Methodology

Excellent MaXe, thanks a lot. I agree with all the required features. Thanks again!!

So I am "All In" now. I started working on this project last weekend and, at this point, I can send, receive and parse SOAP web services. Basic fuzzing will be the next step, so in about a week from now this part should be working.

I suspect that the Alpha version will be ready in March 2013. I will keep you guys posted! I will need knowledgeable testers...  ;)
OSCP, GPEN, GWAPT, GSEC, CEH, CISSP
(aka H1t.M0nk3y)

dynamik

Recruiters

Posts: 1119

Joined: Sun Nov 09, 2008 11:00 am

Location: Mile High City

Post Wed Nov 21, 2012 2:45 pm

Re: SOAP Web Services Vulnerability Scanner/Methodology

What are you writing this in (I seem to remember you working with Java)?

Have you thought about using Burp Extender? http://portswigger.net/burp/extender/
The day you stop learning is the day you start becoming obsolete.

caissyd

Hero Member

Posts: 894

Joined: Thu Dec 31, 2009 11:20 am

Location: Ottawa, Canada

Post Wed Nov 21, 2012 6:53 pm

Re: SOAP Web Services Vulnerability Scanner/Methodology

Yes, it's in Java.

As for the Burp Extender, I have a hard time working for free for a commercial tool (even if they have a community version)... :-\
OSCP, GPEN, GWAPT, GSEC, CEH, CISSP
(aka H1t.M0nk3y)

tturner

Sr. Member

Posts: 435

Joined: Thu Jun 26, 2008 4:50 pm

Post Sat Nov 24, 2012 2:00 pm

Re: SOAP Web Services Vulnerability Scanner/Methodology

H1t M0nk3y wrote: Yes, it's in Java.

As for the Burp Extender, I have a hard time working for free for a commercial tool (even if they have a community version)... :-\


Which was why I mentioned ZAP :)
Certifications:
CISSP, CISA, GPEN, GWAPT, GAWN, GCIA, GCIH, GSEC, GSSP-JAVA, OPSE, CSWAE, CSTP, VCP

WIP: Vendor WAF stuff

http://sentinel24.com/blog @tonylturner http://bsidesorlando.org