Re: web service fuzzers

[Jan Münther <jan.muenther () nruns com>]

> fuzzing capability yet.  Any suggestions?
>
>   
Mmhm, seen WSBang?
http://www.isecpartners.com/wsbang.html

Python's WSDL parsing / proxy class generation is somewhat b0rked, which
is one of the reasons I've started writing a webservice fuzzer in C#
which instantiates the proxy classes and uses reflection to find out
which arguments there are and how to fuzz them. It basically works, but
it's so cruddy and idiosyncratic I don't think it'll ever see anyone
else's harddisk. Just a suggestion on a concept in case you think of
rolling your own.

Cheers,

j.

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------