Eric Gruber
March 5, 2013
WSDL (Web Services Description Language) files are XML formatted descriptions about the operations of web services between clients and servers. They contain possible requests along with the parameters an application uses to communicate with a web service. This is great for penetration testers because we can test and manipulate web services all we want using the information from WSDL files.
One of the best tools to use for working with HTTP requests and responses for applications is Burp. The only downside with Burp is that it does not natively support parsing of WSDL files into requests that can be sent to a web service. A common work around has been to use a tool such as Soap-UI and proxy the requests to Burp for further manipulation. I’ve written a plugin for Burp that takes a WSDL request and parses out the operations that are associated with the targeted web service and creates SOAP requests which can then be sent to a web service. This plugin builds upon the work done by Tom Bujok and his soap-ws project which is essentially the WSDL parsing portion of Soap-UI without the UI.
The Wsdler plugin along with all the source is located at the Github repository here: https://github.com/NetSPI/Wsdler.
Wsdler Requirements
- Burp 1.5.01 or later
- Must be run from the command line
Starting Wsdler
The command to start Burp with the Wsdler plugin is as follows:
java -classpath Wsdler.jar;burp.jar burp.StartBurp
Sample Usage
Here we will intercept the request for a WSDL file belonging to an online store in Burp.
After the request for the WSDL has been intercepted, right click on the request and select Parse WSDL.
A new Wsdler tab will open with the parsed operations for the WSDL, along with the bindings and ports for each of the operations. Operations are synonymous with the requests that the application supports. There are two operations in this WSDL file, OrderItem and CheckStatus. Each of these operations has two bindings, for simplicity’s sake, bindings describe the format and protocol for each of the operations. The bindings for both of the operations are InstantOrderSoap and InstantOrderSoap12. The reason there are two bindings for each of the operations is because the WSDL file supports the creation of SOAP 1.1 and 1.2 requests. Finally, the ”Port” for each of the operations is essentially just the URL the request will be sent to. The full specification for each of the Objects in WSDL files can be read here: http://www.w3.org/TR/wsdl.
The SOAP requests for the operations will be in the lower part of the Burp window. The parsing functionality will also automatically fill in the data type for each of the parameters in the WSDL operation. In this example, strings are filled in with parts of the Aeneid and integers are filled in with numbers.
The request that Wsdler creates is a standard Burp request, so it can be sent to any other Burp function that accepts requests (intruder, repeater, etc.).
Here the request is sent to intruder for further testing. Because the request is XML, Burp automatically identifies the parameters for intruder to use.
Conclusion
Currently, the plugin only supports WSDL specification 1.1, but there is work on supporting 1.2 / 2.0. Also, I will be adding the option to specify your own strings and integers when the plugin automatically fills in the appropriate data type for each of the parameters in the parsed operations. If there are any bugs or features that you would like to see added, send me an email or create a ticket on Github.
How the plugin “Wsdler.jar” can be downloaded from the website. The executable link is giving no reference to download it. After downloading the file, where we have to store it. Please help me in shorting out these queries.
Hi Raja,
The jar file is on the github repository located here: https://github.com/NetSPI/Wsdler in the executables directory. The file can be any where on your system, but it’s probably easiest to have it in the same directory that the burp jar file is in. Then just run “java -classpath Wsdler.jar;burp.jar burp.StartBurp” where Wsdler.jar is the location of the jar file from github and the burp.jar is the location of your burp jar file.
Hi Eric,
Thanks for your guidance. I followed the steps that you said. But after clicking the “executables” directory, I move on to the next page where the Wsdler.jar link is highlighted. After clicking on the link of Wsdler.jar, I move on to the next page. In this page there is link of View Page. Clicking on to the link gives error message – “Error: blob is to big”. There are two more page tabs: Raw and History. Clicking on the Raw tab gives the same error message and clicking on the History tab takes me back to the previous page.
I would be obliged if you send me the plugin in my email id.
For downloading the plugin do I have to signup.
I would request you if you follow the same that I said and check where exactly the problem is.
Thanks for your inputs.
Would expect the same ahaed.
Regards
Raja Mukherjee
Download the repo on Github as a zip or clone the repo with git. There are size restrictions on downloading files through Github.
Hi Eric,
Thanks for your inputs again. Could you please give step by step approach to install the plugin and also how to use the tool.
Thanks and Regards
Raja Mukherjee
09552052335
My blog gives a good run through on how to start and run the extension. If you’re having more problems email me what command you are running and what problems you are having.
Thanks…hopefully no more chaining SoapUI to Burp then
How can i run on BackTrack ?
Pingback: Week 10 in Review – 2013 | Infosec Events
Hi,
I followed the same steps. After running the following command
java -classpath Wsdler.jar;burp.jar burp.StartBurp
I can see the Burp but when I intercepted the requests and right click on it there is no options called Parse WSDL.
i kept my Burp pro 1.5.07 and wsdlr.jar in same folder.
There was an issue in the downloaded Wsdler.jar. Now after downloading again, once I write the command, the burp is not poping up and not even any error displayed at prompt.
I dont know how to proceed.
Try downloading the repo here: https://github.com/NetSPI/Wsdler/archive/master.zip. This will give you a zip instead on cloning it. The Wsdler.jar should be 14MB.
Hi Eric,
I downloaded the plugin from https://github.com/NetSPI/Wsdler/archive/master.zip location. And I have burp version burpsuite_free_v1.5. And kept Burp & WSDL.jar in same folder. I entered below command D:\Burp>java -classpath Wsdler.jar;burpsuite_free_v1.5.jar burp.StartBurp. But After that nothing happens. Burp is not starting. And if I remove the Wsdl.jar from command then Burp is getting loading. Please suggest.
Using free burp edition 1.5, JRE 1.7 and Windows 7 64bit. Downloaded Wsdler from https://github.com/NetSPI/Wsdler/archive/master.zip. Burp starts with above given cmd but without the ‘WSDLer’ option. Alert section displays several errors, most with “BurpExtender class do not implement method..”. One Exception: Exception thrown by BurpExtenderCallbacks(): java.lang.AbstractMethodError: burp.x4.getHelpers()Lburp/IExtensionHelpers;
Kindly Suggest.
Could you show me the exact command that you are using? Those errors look like you are using an older version of Burp that doesn’t support the newer API.
This looks fantastic – thanks. For some reason when I run it I get the following error on Ubuntu, which is probably my own doing, but I can’t figure it out and would appreciate any help possible:
burp.jar: command not found
Both .jar files are in the same folder, and it seems that no matter what comes after the ; can’t be found.
Thanks
Try using a colon instead of a semicolon. On Linux it’s a bit different.
Thanks. I’ve got it working in my Windows VM and it’s great! (thanks). I cannot get it to work on my Ubuntu OS. I’ve made the change suggested (:) and it attempts to load but doesn’t, and doesn’t error. If you have any other thoughts I’d appreciate them, but failing that I’ll use Windows.
Thanks
Pingback: Extension: Wsdler (WSDL Handler) | BurpExtensions.com
I am having problems downloading the .jar file from GitHub.
Error message ‘(Sorry about that, but we can’t show files that are this big right now)’.
Then when I go to view raw I get the following ‘Error: blob is too big’!!.
Do you know why this is?
You have to clone the repo or download the zip/tar file to get the jar.
The plugin doesnt work with recent version of Burp and it throws
java.lang.UnsupportedClassVersionError: burp/BurpExtender : Unsupported major.minor version 51.0
Any idea to fix?
The reason is you are using an older version of the java runtime. I went ahead and recompiled the jar with jdk 6 instead of 7. So hopefully it will work now.
Plugin is not working properly.
I used the plugin under debian using java 1.6.0_27, burp 1.5 (free) and get
java -classpath Wsdler.jar:burpsuite.jar burp.StartBurp
Error
Exception thrown by BurpExtender.registerExtenderCallbacks(): java.langAbstractMethodErrror: burp.x4.getHelpers()burp …
Try updating your java runtime. I compiled the plugin with 1.6.0.45.
I’m using Burp Pro 1.5 with Java 1.7.0_21. Each time I attempt to send the wsdl request to “Parse WDSL” I only see “WSDL definition not found” echoed in my Windows command shell. Can you give me an idea what’s going wrong?
Thanks,
Paul
It’s saying that because it cannot locate a WSDL definition in the root of the WSDL document. It would look something like this: wsdl:definitions name=”nmtoken”? targetNamespace=”uri”?
Thanks Eric,
Here’s the head of my wsdl:
<definitions name='BlahService' targetNamespace='http://www.foo.com/foo-ws'
Is that incorrect?
I changed the code to check if both definitions are there now. Try seeing if the latest commit fixes your problem.
Eric,
That did the trick. Thanks so much for contributing to the community! If anyone is wondering, this extension works on Burp Pro 1.5.11.
Paul