WS-Attacker is a framework for services . It is a free and easy to use software solution, which provides an all-in-one checking interface with only a few clicks.

Features:

  • Automatic XML Encryption Attacks against Web Services
  • Automatic XML Signature Wrapping attack against Web Services
  • XML-Denial-of-Service Techniques against Web Services
  • SOAPAction Spoofing and WS-Addressing Spoofing
  • Further Attacks in Development (even apart from Web Services)

    Screenshots:

    Load a WSDL and set up request parameters
    Configuration: SOAPAction Spoofing
    Attack finished

    Submitting a test request

    Attack finished

    Configuration: WS Addressing Spoofing





    Source link

    LEAVE A REPLY

    Please enter your comment!
    Please enter your name here