Pentest Web Services

From: wavefront1@shaw.ca
Date: Fri Aug 31 2007 - 09:13:14 EDT


('binary' encoding is not supported, stored as-is) I am trying to use wsdigger from Foundstone against a web services site over SSL. wsdigger does not support SSL, so I am using stunnel to take care of that. This works and I can enumerate the services. Unfortunately the Service URL gets picked up (correctly) with the https prefix. Unfortunately the wsdigger UI does not allow me to edit the Service URL field. Has anyone updated wsdigger to deal with ssl sites? Is there some workaround available?

On a broader tack: What do pentesters out there actually use against web services?

Thanks

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:05 EDT