From: Mark Curphey (mark@curphey.com)
Date: Mon Jul 11 2005 - 09:07:43 EDT
We have just released a new open source free tool for hacking web services.
It's called WSDigger and is written to run on C# for .NET 1.1 (Win32).
http://www.foundstone.com/resources/s3i_tools.htm
The user specifies a UDDI and a search criterion such as "weather", and the tool
determines and displays the possible available services. The user then
selects a service to connect to and the tool gets the WSDL and displays the
methods such as getHumidty(); or getTemp(); The user can then apply a
payload such as SQL Injection or XPATH injection and determine if the web
service has common vulnerabilities. The tool is written to accept plugins
(we ship with 3 sample plugins for XSS, SQL Injection and XPATH injection).
There will be a Sourceforge CVS tree to submit plugins for the framework. It
should be very easy to write any number of fuzzing type plugins. The code is
in the download and will be in the CVS at
http://sourceforge.net/projects/foundstone/ this week.
You can see screen shots from a blog posting last Friday here
https://www.threatsandcountermeasures.com/blogs/marksblog/archive/2005/07/08/522.aspx
Enjoy!