Penetration Testing mailing list archives
Re: web service fuzzers
From: Jan Münther <jan.muenther () nruns com>
Date: Fri, 07 Sep 2007 12:21:14 +0200
fuzzing capability yet. Any suggestions?
Mmhm, seen WSBang? http://www.isecpartners.com/wsbang.html Python's WSDL parsing / proxy class generation is somewhat b0rked, which is one of the reasons I've started writing a webservice fuzzer in C# which instantiates the proxy classes and uses reflection to find out which arguments there are and how to fuzz them. It basically works, but it's so cruddy and idiosyncratic I don't think it'll ever see anyone else's harddisk. Just a suggestion on a concept in case you think of rolling your own. Cheers, j. ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
Current thread:
- web service fuzzers Benny Tsai (Sep 06)
- RE: web service fuzzers Rui Pereira (WCG) (Sep 06)
- Re: web service fuzzers Jan Münther (Sep 07)
- Re: web service fuzzers Atrysk News (Sep 07)
- Re: web service fuzzers Benny Tsai (Sep 10)
- Re: web service fuzzers Simone Savi (Sep 13)
- Re: web service fuzzers Atrysk News (Sep 07)