Fuzzware understands the Web Service Description Language (WSDL) which can be used to define an interface (a group of methods). Fuzzware can fuzz Web Services that use a WSDL file to describe their Web Service interface and it can also fuzz ActiveX controls.
Fuzz a Web Service
Given one, or many, WSDL files for a Web Service Fuzzware can fuzz the parameters of the methods of the interface. Fuzzware copies any XML Schema in the WSDL files to individual XSD files and creates or edits these to include new schema elements for each method of the Web Service. Fuzzware also creates a new schema element that references all the schema elements that represent Web Service methods. Fuzzware then creates an XML document that contains all the methods and all the method parameter values. Once the XSD and XML files have been created they will be re-used by Fuzzware so they can be manually edited if required.
You can specify initial methods that will be called before the other Web Service methods (useful if the there is some order in which some methods need to be called). Calls to all the methods are created when Fuzzware creates the XSD and XML files and the method order is randomised. It is also possible to specify the default values for the parameters of the methods and also the default values for parameter types (used if the parameter value is not explicitly set). If there is a lot of configuration required for the Web Service method calls order or parameter values, the easiest option will be to edit the XML file directly.
Fuzz an ActiveX control
Fuzzware uses the IDispatch interface of the ActiveX control to enumerate all the methods and parameters of the interfaces of the ActiveX control. These are then written to a WSDL file from which XSD and XML files are generated in exactly the same way as for Web Service fuzzing. Exactly like Web Service fuzzing it is possible to set initial methods and default parameter values.
|