|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: SOAP inspection / tampering tools?
From: Adam Tuliper (amt
gecko-software.com)
Date: Thu Sep 16 2004 - 08:46:50 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Achilles at
http://achilles.mavensecurity.com/
burp proxy
http://www.portswigger.net/proxy/help.html
for a bit more indepth but open source - spike proxy
http://www.immunitysec.com/resources-freesoftware.shtml
none soap specific per se but great at acting as a man in
the middle for altering/inspection
On Wed, 15 Sep 2004 10:11:23 +0200
"Sebastien Deleersnyder" <sdlascure.com> wrote:
> Hi,
>
> Are there any open-source / commercial tools available
> for inspection /
> modification of
> SOAP traffic to perform audits on its security?
> I am thinking of a local proxy-like program through which
> SOAP traffic
> is channeled
> by e.g. modifying localhost : redirect traffic destined
> for target.com
> to 127.0.0.1
> The tool would allow for changing the SOAP content both
> in the
> request/reply.
> I imagine that this only makes sense if the SOAP goes
> over HTTP, HTTPS
> protects against sniffing.
>
> I know there are commercial tools available to scan a
> SOAP server on
> vulnerabilities, such as
>
> * ScanDo (Kavado)
> * AppScan (Sanctum, now WatchFire)
>
> How good are these in finding problems with SOAP calls?
> Are there open-source equivalents?
>
> Thank you,
>
> Kind regards,
>
> Sebastien
---------------------------------------------------------------------
Web mail provided by NuNet, Inc. The Premier National provider.
http://www.nni.com/
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]