Lesson Plan Title: How to Create a SOAP Request

 

Concept / Topic To Teach:

Web services communicate through SOAP requests. A request is submitted to a web service to execute a function defined in its Web Services Description Language (WSDL) file. Let's learn something about WSDL files: check out WebGoat's WSDL file.

 

General Goal(s):

Try connecting to the WSDL with a browser or a web service tool. The URL for the web service is: http://localhost/WebGoat/services/SoapRequest. The WSDL can usually be viewed by appending ?WSDL to the web service URL.

 

Figure 1 - Lesson 21

 

Solution:

 

Click on the URL “WebGoat WSDL” to examine the Web Services Description Language file.

 

Figure 2 - WSDL

 

Count the number of operations like getFirstName. There are 4 operations defined.

 

Figure 3 Enter the ID

 

For the next question, the getFirstNameRequest method uses an int as its parameter type. Enter int and click “Submit”.

 

Figure 4 Stage 2 Completed

 

Intercept the HTTP Request with WebScarab and click on the “Raw” tab. Make sure that “Intercept Responses” is selected.

 

  1. Change the POST request line so that it targets the SoapRequest service.
  2. Change the Content-Type to text/xml.
  3. Add a SOAPAction header.
  4. Append the XML envelope to the request.

 

POST http://neo:80/WebGoat/services/SoapRequest HTTP/1.1
Content-Type: text/xml
SOAPAction:

<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <SOAP-ENV:Body>
    <ns1:getFirstName SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" xmlns:ns1="http://lessons">
      <id xsi:type="xsd:int">101</id>
    </ns1:getFirstName>
  </SOAP-ENV:Body>
</SOAP-ENV:Envelope>

 

The response is Joe.

Figure 5 Intercept response
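
The WSDL steps above (counting operations, reading the parameter type) and the envelope can also be reproduced in a script. This is an added example, not part of the original solution or of WebGoat: SAMPLE_WSDL is a constructed, trimmed file, getExampleValue is a hypothetical operation, and the function names are the example's own.

```python
import xml.etree.ElementTree as ET

WSDL = "{http://schemas.xmlsoap.org/wsdl/}"
ENV = "{http://schemas.xmlsoap.org/soap/envelope/}"
XSI = "{http://www.w3.org/2001/XMLSchema-instance}"
XSD = "http://www.w3.org/2001/XMLSchema"

# Constructed, trimmed WSDL for illustration only; it is NOT WebGoat's file.
# getExampleValue is a hypothetical second operation.
SAMPLE_WSDL = """<wsdl:definitions xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
    xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:impl="http://lessons"
    targetNamespace="http://lessons">
  <wsdl:message name="getFirstNameRequest">
    <wsdl:part name="id" type="xsd:int"/></wsdl:message>
  <wsdl:message name="getExampleValueRequest">
    <wsdl:part name="id" type="xsd:int"/></wsdl:message>
  <wsdl:portType name="SoapRequest">
    <wsdl:operation name="getFirstName">
      <wsdl:input message="impl:getFirstNameRequest"/></wsdl:operation>
    <wsdl:operation name="getExampleValue">
      <wsdl:input message="impl:getExampleValueRequest"/></wsdl:operation>
  </wsdl:portType>
</wsdl:definitions>"""

def list_operations(wsdl_text):
    """Return {operation: {part name: declared type}} for the portType."""
    root = ET.fromstring(wsdl_text)
    parts = {m.get("name"): {p.get("name"): p.get("type")
                             for p in m.findall(WSDL + "part")}
             for m in root.findall(WSDL + "message")}
    ops = {}
    # Only portType is walked: a full WSDL repeats each operation under binding.
    for op in root.findall(f"{WSDL}portType/{WSDL}operation"):
        msg = op.find(WSDL + "input").get("message").split(":")[-1]
        ops[op.get("name")] = parts[msg]
    return ops

def build_envelope(operation, args, types, target_ns="http://lessons"):
    """Build an RPC-style SOAP 1.1 envelope shaped like the lesson's request."""
    ET.register_namespace("SOAP-ENV", ENV[1:-1])
    ET.register_namespace("xsi", XSI[1:-1])
    env = ET.Element(ENV + "Envelope", {"xmlns:xsd": XSD})  # for xsi:type values
    call = ET.SubElement(ET.SubElement(env, ENV + "Body"), f"{{{target_ns}}}{operation}",
                         {ENV + "encodingStyle": "http://schemas.xmlsoap.org/soap/encoding/"})
    for name, value in args.items():
        local = types[name].split(":")[-1]
        if local == "int":
            value = int(value)  # enforce the declared type; ValueError otherwise
        ET.SubElement(call, name, {XSI + "type": "xsd:" + local}).text = str(value)
    return ET.tostring(env, encoding="unicode")
```

The returned string is the body that goes under the Content-Type: text/xml and SOAPAction headers shown above.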

 

 

 

Solution by Erwin Geirnaert ZION SECURITY