Penetration Testing mailing list archives

Re: web service fuzzers

From: Atrysk News <news () atrysk com>
Date: Fri, 7 Sep 2007 20:08:34 -0500

You might also check out the following (not necessarily fuzzers, butabsolutely in the ws space...)


        - wspawn
        - wsknight
        - wsrook
        - wsaudit

T

http://www.atrysk.com/











On Sep 7, 2007, at 5:21 AM, Jan Münther wrote:

fuzzing capability yet.  Any suggestions?

Mmhm, seen WSBang?
http://www.isecpartners.com/wsbang.html

Python's WSDL parsing / proxy class generation is somewhat b0rked, which
is one of the reasons I've started writing a webservice fuzzer in C#
which instantiates the proxy classes and uses reflection to find out
which arguments there are and how to fuzz them. It basically works, but
it's so cruddy and idiosyncratic I don't think it'll ever see anyone
else's harddisk. Just a suggestion on a concept in case you think of
rolling your own.

Cheers,

j.

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------



------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------

Current thread:

web service fuzzers Benny Tsai (Sep 06)
- RE: web service fuzzers Rui Pereira (WCG) (Sep 06)
- Re: web service fuzzers Jan Münther (Sep 07)
  - Re: web service fuzzers Atrysk News (Sep 07)
    - Re: web service fuzzers Benny Tsai (Sep 10)
    - Re: web service fuzzers Simone Savi (Sep 13)