Lesson Plan Title: How to Perform WSDL Scanning

Concept / Topic To Teach:

Web services communicate through SOAP requests. A request is submitted to a web service in an attempt to execute a function defined in its Web Services Description Language (WSDL) file.

General Goal(s):

This screen is the API for a web service. Check the WSDL file for this web service and try to get some customer credit numbers.

Figure 1 Lesson 22

Solution:

Open the WSDL file in a new window. It defines an operation named getCreditCard.

Intercept the request with WebScarab and change the parameter to getCreditCard.

Figure 2 WebScarab raw request

Figure 3 Lesson 22 Completed
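
The same WSDL can be audited from the defender's side before a service is deployed. The Python example below is added here and is not part of the original lesson or of WebGoat's code: it lists every operation a WSDL declares and reports those the user interface was never meant to offer. The sample WSDL, the operation names other than getCreditCard, and the intended-operation list are constructed for illustration.

```python
import xml.etree.ElementTree as ET

WSDL_NS = {"wsdl": "http://schemas.xmlsoap.org/wsdl/"}

# Constructed sample WSDL (not the lesson's actual file), trimmed to portType.
SAMPLE_WSDL = """<?xml version="1.0"?>
<wsdl:definitions xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
                  targetNamespace="http://example.invalid/customer">
  <wsdl:portType name="CustomerInfo">
    <wsdl:operation name="getFirstName"/>
    <wsdl:operation name="getLastName"/>
    <wsdl:operation name="getLoginCount"/>
    <wsdl:operation name="getCreditCard"/>
  </wsdl:portType>
</wsdl:definitions>
"""

# Assumption: the operations the front end is meant to let a user select.
UI_OPERATIONS = ["getFirstName", "getLastName", "getLoginCount"]


def declared_operations(wsdl_text):
    """Return the set of operation names declared under any wsdl:portType."""
    # For a WSDL from an untrusted source, use a hardened parser such as
    # defusedxml instead of the standard-library one.
    root = ET.fromstring(wsdl_text)
    ops = set()
    for port_type in root.findall("wsdl:portType", WSDL_NS):
        for op in port_type.findall("wsdl:operation", WSDL_NS):
            name = op.get("name")
            if name:
                ops.add(name)
    return ops


def unexpected_operations(wsdl_text, intended):
    """Operations callable per the WSDL but absent from the intended set."""
    return sorted(declared_operations(wsdl_text) - set(intended))


if __name__ == "__main__":
    for name in unexpected_operations(SAMPLE_WSDL, UI_OPERATIONS):
        # Each hit needs server-side authorization or removal from the WSDL.
        print("declared in WSDL but not offered by the UI:", name)
```

Any operation this reports is reachable by a client that edits the request, so it needs its own server-side authorization check rather than relying on the form to hide it.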

Solution by Erwin Geirnaert ZION SECURITY