  • Stars: 469
  • Rank: 92,904 (Top 2 %)
  • Language: Java
  • License: GNU General Publi...
  • Created over 9 years ago
  • Updated over 2 years ago


Repository Details

WS-Attacker is a modular framework for web services penetration testing. It is developed by the Chair of Network and Data Security, Ruhr University Bochum (https://nds.rub.de/) and Hackmanit GmbH (https://www.hackmanit.de/).

WS-Attacker


The basic idea behind WS-Attacker is to load WSDL files and send SOAP messages to the Web Service endpoints (this is done using the underlying SoapUI framework). This functionality can be extended with various plugins and libraries to build specific Web Services attacks. You can find more information on the WS-Attacker architecture and its extensibility in our paper: Penetration Testing Tool for Web Services Security (https://www.nds.rub.de/research/publications/ws-attacker-paper/).

In the current version, WS-Attacker supports the following attacks:

Obtaining Runnable File

The first option is to download a WS-Attacker jar file from the SourceForge website: https://sourceforge.net/projects/ws-attacker/files/

The second option is to build it directly from the GitHub sources. For this purpose, you need:

  • Java 7 or 8
  • Maven
  • git

Proceed as follows. First, clone the WS-Attacker sources (you can of course also download a ZIP file):

$ git clone https://github.com/RUB-NDS/WS-Attacker.git

Then go to the WS-Attacker directory and use Maven to build and package the files:

$ cd WS-Attacker
$ mvn clean package -DskipTests

Afterwards, go to the runnable directory and execute WS-Attacker:

$ cd runnable
$ java -jar WS-Attacker-1.9-SNAPSHOT.jar

WS-Attacker Usage

You can find the latest documentation on XML Signature Wrapping and DoS attacks here: https://sourceforge.net/projects/ws-attacker/files/WS-Attacker%201.3/Documentation-v1.3.pdf/download

The documentation on XML Encryption attacks is currently under development, but you can find a lot of information on the XML Encryption plugin and on starting XML Encryption attacks here: https://web-in-security.blogspot.de/2015/05/how-to-attack-xml-encryption-in-ibm.html

If you want to practice the attacks and you do not have a Web Service available, we encourage you to use the Apache Rampart framework. This framework provides several Web Services examples and is vulnerable to most of the provided attacks, including XML Signature Wrapping and the attacks on XML Encryption.

See this blog post on how to use WS-Attacker to attack Apache Rampart Web Services with XML Signatures: https://web-in-security.blogspot.de/2015/04/introduction-to-ws-attacker-xml.html. Similar concepts apply to the attacks with XML Encryption.

Happy Web Service hacking

More Repositories

1. PRET (Python, 3,821 stars): Printer Exploitation Toolkit - The tool that made dumpster diving obsolete.
2. Terrapin-Scanner (Go, 887 stars): This repository contains a simple vulnerability scanner for the Terrapin attack present in the paper "Terrapin Attack: Breaking SSH Channel Integrity By Sequence Number Manipulation".
3. CORStest (Python, 387 stars): A simple CORS misconfiguration scanner
4. Metadata-Attacker (PHP, 124 stars): A tool to generate media files with malicious metadata
5. BurpSSOExtension (Java, 115 stars): An extension for BurpSuite that highlights SSO messages in Burp's proxy window.
6. PDF101 (Python, 97 stars): Artifacts for the Black Hat talk.
7. REST-Attacker (Python, 78 stars): REST-Attacker is designed as a proof-of-concept for the feasibility of testing generic real-world REST implementations. Its goal is to provide a framework for REST security research.
8. xsinator.com (JavaScript, 68 stars): XS-Leak Browser Test Suite
9. alpaca-code (C, 60 stars): Artifacts to the ALPACA attack.
10. DTD-Attacks (Java, 57 stars): Tests for different parsers from Ruby, Python, .NET, PHP, Perl, Java
11. Johnny-You-Are-Fired (57 stars): Artifacts for the USENIX publication.
12. MS-RMS-Attacks (C++, 51 stars): Breaking the security of Microsoft's RMS
13. Terrapin-Artifacts (Python, 46 stars): This repository contains the artifacts for the paper "Terrapin Attack: Breaking SSH Channel Integrity By Sequence Number Manipulation".
14. JOSEPH (Java, 32 stars)
15. OpenID-Attacker (Java, 28 stars)
16. PrOfESSOS (Java, 27 stars): PrOfESSOS is our open source implementation for fully automated Evaluation-as-a-Service for SSO. PrOfESSOS introduces a generic approach to improve the security of OpenID Connect implementations by systematically detecting vulnerabilities.
17. pdf-attacker (Python, 22 stars)
18. SAML-XXE-Test (Python, 21 stars): Simple XXE test suite generated specifically for SAML interfaces
19. thesis_layout (TeX, 18 stars): LaTeX template for students writing a bachelor or master thesis
20. ikev1-psk-main-mode-dict-attacker (Python, 16 stars): Proof-of-Concept Dictionary Attacker against IKEv1 PSK in Main Mode
21. SocketProxy (Java, 16 stars): Simple proxy designed to intercept and modify connections on the transport level. This means you can also modify TLS raw bytes.
22. Office-Security (HTML, 14 stars): Artifacts for the WOOT publication.
23. FutureTrust (Java, 11 stars): FutureTrust analyzes electronic identification (eID) services in Europe and beyond. It is funded within the EU Framework Programme for Research and Innovation (Horizon 2020).
24. DISTINCT (JavaScript, 10 stars): Dynamic In-Browser Single Sign-On Tracer Inspecting Novel Communication Techniques
25. OOXML_Signature_Security (10 stars): USENIX 2023 Artifacts
26. AutoLeak (JavaScript, 10 stars): Find XS-Leaks in the browser by diffing DOM-Graphs in two states
27. your-sop.com (PHP, 9 stars)
28. SOAP-Test-Webservices (Java, 8 stars): SOAP webservices of different SOAP frameworks including samples for WS-Security.
29. Covert-Content-Attacks (6 stars): Artifacts for the DEF CON talk.
30. exposee_layout (TeX, 6 stars): LaTeX template for students writing an exposé for a seminar or thesis
31. WS-TLS-Scanner (Java, 6 stars): The TLS-Scanner for the SIWECOS Project
32. CVE-2020-2655-DemoServer (Java, 5 stars)
33. SECRET (CoffeeScript, 5 stars): A Secure, Efficient, and Collaborative Real-Time Web Editor
34. Gridcoin-Attacks (C++, 5 stars): The source code of our attacking tool described in the paper "Breaking and Fixing Gridcoin" published at WOOT'17, see also:
35. JavaCryptoExamples (Java, 4 stars): Examples for using Java Crypto
36. Terrapin-Website (HTML, 4 stars): This repository hosts the public website for the paper "Terrapin Attack: Breaking SSH Channel Integrity By Sequence Number Manipulation" via GitHub Pages.
37. RKE (Java, 4 stars): Implementation of ratcheted key exchange protocol (Poettering and Rösler, CRYPTO 2018, https://ia.cr/2018/296) by Marco Smeets
38. WS-Attacker-Plugin_Denial_of_Service (Java, 3 stars): Denial_of_Service - A git submodule for WS-Attacker
39. SyncEnc-Keyserver (JavaScript, 2 stars): A Key Management Server for SyncEnc
40. WS-Attacker-Library_Intelligent_Denial_of_Service_Library (Java, 2 stars): Intelligent_Denial_of_Service_Library - A git submodule for WS-Attacker
41. PDF-Tester (C#, 2 stars): PDF Tester can be used to evaluate the signature status of a PDF document under different PDF applications.
42. JsseTLS (Java, 2 stars)
43. BouncyCastleTLS (Java, 2 stars): BouncyCastle TLS examples
44. WS-Attacker-Library_Signature_Faking_Library (Java, 1 star): Signature_Faking_Library - A git submodule for WS-Attacker
45. alpaca-attack (HTML, 1 star)
46. AKE-Cryptoverif-Tutorial (HTML, 1 star)
47. Mitigation-of-Attacks-on-Email-E2E-Encryption (Python, 1 star): Research Artifacts for the Publication "Mitigation of Attacks on Email End-to-End Encryption"
48. IPsec-StateMachineExtractor (Java, 1 star): Extract the state machine of an IKEv1/IKEv2 implementation
49. SyncEnc-App (Java, 1 star)
50. WS-Attacker-Library_XML_Encryption_Attack_Library (Java, 1 star): XML_Encryption_Attack_Library - A git submodule for WS-Attacker
51. Single-Sign-On-Libraries (Java, 1 star)
52. ShareJSXML (CoffeeScript, 1 star): Library to allow concurrent editing of XML documents using Operational Transforms based on ShareJS 0.6
53. SyncEnc-Demonstrator (JavaScript, 1 star): A Demonstrator for Collaborative Encrypted Editing
54. WS-Attacker-Plugin_SoapAction_Spoofing (Java, 1 star): SoapAction_Spoofing - A git submodule for WS-Attacker
55. WS-Attacker-Plugin_Signature_Wrapping (Java, 1 star): Signature_Wrapping - A git submodule for WS-Attacker
56. WS-Attacker-Plugin_XML_Encryption_Attack (Java, 1 star): XML_Encryption_Attack - A git submodule for WS-Attacker
57. WS-Attacker-Plugin_Intelligent_Denial_of_Service (Java, 1 star): Intelligent_Denial_of_Service - A git submodule for WS-Attacker
58. XMLSec-WebCrypto (CoffeeScript, 1 star): An implementation for the XML Security Standard using the W3C WebCrypto API
59. oidc-docker-libs (Python, 1 star)
60. medfuzz (C++, 1 star): Fuzzing platform for medical protocols
61. DocumentSignatureValidator (C++, 1 star): Automation tool for evaluating the signature status of office documents
62. WS-Attacker-Library_SoapHttpClient (Java, 1 star): SoapHttpClient - A git submodule for WS-Attacker
63. WS-Attacker-Library_Signature_Wrapping (Java, 1 star): Signature_Wrapping_Library - A git submodule for WS-Attacker
64. WS-Attacker-Plugin_WS_Addressing_Spoofing (Java, 1 star): WS_Addressing_Spoofing - A git submodule for WS-Attacker
65. WS-Attacker-Library_XML_Utilities (Java, 1 star): WS-Attacker-Library_XML-Utilities - A git submodule for WS-Attacker
66. WS-Attacker-Plugin_OptionsTesterPlugin (Java, 1 star): OptionsTesterPlugin - A git submodule for WS-Attacker
67. WS-Attacker-Library_Schema_Analyzer (Java, 1 star): Schema_Analyzer_Library - A git submodule for WS-Attacker