Today, we released a new version of our WS-Attacker framework: https://github.com/RUB-NDS/WS-Attacker
The new version includes some additional features and bug fixes. For example, WS-Attacker now allows you to define an HTTP/HTTPS proxy for forwarding the generated XML attack messages. This gives you the opportunity to send all the WS-Attacker messages through BurpSuite or OWASP ZAP, and analyze their content or resend them to the Web Service.
However, most importantly, the newest WS-Attacker version includes a plugin for automatic XML Encryption attacks. The plugin was implemented by our student Dennis Kupser.
In this blog…