The Web Services Editor is a tool that forms part of the Acunetix Manual Pen Testing Tools suite (available to download for free). The Web Services Editor allows you to import an online or local WSDL file for an in depth analysis of WSDL requests and responses. The editor also features syntax highlighting for all languages, making it easy to edit SOAP headers and customize manual attacks. Editing and sending of Web Services SOAP messages is very similar to editing normal requests sent via the Acunetix HTTP Editor.

You can start using the Web Services Editor by launching the Acunetix Tools application, and selecting the Web Services Editor from the Tools Explorer.

Web services editor

The top pane in the Web Services Editor is where you can see the structured SOAP data. The bottom pane shows the SOAP response received from the server.

Crafting a SOAP Request

The Web Services Editor allows you to create and edit SOAP requests based on a WSDL web service definition, both through a graphical interface by clicking the Request tab; as well as the raw SOAP request by clicking the SOAP tab.

To start, enter the target WSDL (e.g. in the WSDL URL and click Import to import all the WSDL information.

Crafting a SOAP Request

Specify a value for the operation and click Send to send the SOAP request to the web service. The web server response can then be viewed in the bottom pane as structured data in the Structured Data tab, or the as raw XML in the Response tab.

Working with the WSDL Structure

You can also view the WSDL in a structured format by clicking the WSDL Structure tab, as well as the raw XML file by clicking the WSDL tab, in the main toolbar.

Working with the WSDL Structure

The WSDL Structure tab presents a detailed view of the WSDL file structured in the form of nodes and sub-nodes. The main nodes of the tree structure are XML Schema and Services.

The XML Schema node lists all the ComplexTypes and the Elements of the web service. The Services node lists all the web service ports and their respective operations together with the resource details of the source of the SOAP data.

The WSDL tab shows the actual WDSL data in raw XML. Using the toolbar provided at the bottom of the screen, you can search for specific keywords or elements in the WSDL file.

WDSL data

Exporting to the HTTP Editor

In the Web Services Editor you can export a SOAP request to the HTTP Editor by clicking on the HTTP Editor button in the Web Services Editor toolbar. The HTTP Editor tool will automatically import the data so the request can be customized and sent as an HTTP POST request.

Exporting to the HTTP Editor

Acunetix is an automated web application security scanner and vulnerability management platform. In addition, Acunetix also provides a suite of manual pentesting tools that allow users to quickly and easily confirm and take automated testing further.

Ian Muscat

Ian Muscat used to be a technical resource and speaker for Acunetix. More recently, his work centers around cloud security and phishing simulation.