Re: [WEB SECURITY] HTTP Proxy for thick clients

["Ryan Barnett" <rcbarnett@xxxxxxxxx>]

------=_Part_71865_26582754.1188334147940
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

While not a proxy, SoapUI is a great client to use to interact with web
services - http://www.soapui.org/

There is a good tutorial document here that shows how to use SoapUI to
interact with the WS lessons in WebGoat -
http://www.zionsecurity.com/fileadmin/user_upload/Getting_started_with_OWASP_WebGoat_4.0_and_SOAPUI.pdf

-- 
Ryan C. Barnett
ModSecurity Community Manager
Breach Security: Director of Application Security Training
Web Application Security Consortium (WASC) Member
CIS Apache Benchmark Project Lead
SANS Instructor, GCIA, GCFA, GCIH, GSNA, GCUX, GSEC
Author: Preventing Web Attacks with Apache

On 8/27/07, Huan Chi <ktriv3di@msn.com> wrote:
>
> List,
>
> I am testing a .NET thick client application using web services. I am
> looking for an HTTP/TCP Proxy tool like PAROS / BURP which I can use to
> see
> the change the traffic. The application does not have a way to set proxy
> setting so I cannot use paros / burp and then do proxy chaining. Also,
> everything on the tunnel is SSL, so ethereal is not much help
>
> Also, any good tools to edit XML / SOAP traffic
>
> Thanks for suggesstions in advance
>
>
>
>
>
> ----------------------------------------------------------------------------
> Join us on IRC: irc.freenode.net #webappsec
>
> Have a question? Search The Web Security Mailing List Archives:
> http://www.webappsec.org/lists/websecurity/
>
> Subscribe via RSS:
> http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
>
>

------=_Part_71865_26582754.1188334147940
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

<div>While not a proxy, SoapUI is a great client to use to interact with web services - <a href="http://www.soapui.org/";>http://www.soapui.org/</a></div>
<div>&nbsp;</div>
<div>There is a good tutorial document here that shows how to use SoapUI to interact with the WS lessons in WebGoat - <a href="http://www.zionsecurity.com/fileadmin/user_upload/Getting_started_with_OWASP_WebGoat_4.0_and_SOAPUI.pdf";>
http://www.zionsecurity.com/fileadmin/user_upload/Getting_started_with_OWASP_WebGoat_4.0_and_SOAPUI.pdf</a></div>
<div><br>-- <br>Ryan C. Barnett<br>ModSecurity Community Manager<br>Breach Security: Director of Application Security Training<br>Web Application Security Consortium (WASC) Member<br>CIS Apache Benchmark Project Lead<br>
SANS Instructor, GCIA, GCFA, GCIH, GSNA, GCUX, GSEC<br>Author: Preventing Web Attacks with Apache <br>&nbsp;</div>
<div><span class="gmail_quote">On 8/27/07, <b class="gmail_sendername">Huan Chi</b> &lt;<a href="mailto:ktriv3di@msn.com";>ktriv3di@msn.com</a>&gt; wrote:</span>
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid">List,<br><br>I am testing a .NET thick client application using web services. I am<br>looking for an HTTP/TCP Proxy tool like PAROS / BURP which I can use to see
<br>the change the traffic. The application does not have a way to set proxy<br>setting so I cannot use paros / burp and then do proxy chaining. Also,<br>everything on the tunnel is SSL, so ethereal is not much help<br><br>
Also, any good tools to edit XML / SOAP traffic<br><br>Thanks for suggesstions in advance<br><br><br><br><br>----------------------------------------------------------------------------<br>Join us on IRC: <a href="http://irc.freenode.net";>
irc.freenode.net</a> #webappsec<br><br>Have a question? Search The Web Security Mailing List Archives:<br><a href="http://www.webappsec.org/lists/websecurity/";>http://www.webappsec.org/lists/websecurity/</a><br><br>Subscribe via RSS:
<br><a href="http://www.webappsec.org/rss/websecurity.rss";>http://www.webappsec.org/rss/websecurity.rss</a> [RSS Feed]<br><br></blockquote></div>

------=_Part_71865_26582754.1188334147940--