From: Christian Martorella (cmartorella@edge-security.com)
Date: Sat Sep 01 2007 - 07:29:33 EDT
Hi, for pentesting web services you could use wsfuzzer from Neurofuzz,
you can get it and read more about it here:
http://www.neurofuzz.com/modules/software/wsfuzzer.php
Hope it helps,
Christian Martorella
laramies.blogspot.com
www.edge-security.com
wavefront1@shaw.ca wrote:
> I am trying to use wsdigger from Foundstone against a web services site over SSL. wsdigger does not support SSL, so I am using stunnel to take care of that. This works and I can enumerate the services. Unfortunately the Service URL gets picked up (correctly) with the https prefix. Unfortunately the wsdigger UI does not allow me to edit the Service URL field. Has anyone updated wsdigger to deal with ssl sites? Is there some workaround available?
>
> On a broader tack: What do pentesters out there actually use against web services?
>
> Thanks
>
> ------------------------------------------------------------------------
> This list is sponsored by: Cenzic
>
> Need to secure your web apps NOW?
> Cenzic finds more, "real" vulnerabilities fast.
> Click to try it, buy it or download a solution FREE today!
>
> http://www.cenzic.com/downloads
> ------------------------------------------------------------------------
>
>
>
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!
http://www.cenzic.com/downloads
------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:05 EDT