XML services are difficult to work with and often contain unexpected bugs. XMLFuzz was specifically designed to fuzz-test XML services such as XML-RPC (XML Remote Procedure Call), SOAP (Simple Object Access Protocol) and others.
By subscribing to XMLFuzz you get the following awesome features:
- Full support for XML fuzzing
- Support for SOAP and XML-RPC
- Fuzz support for External XML Entity Injection (XXE) attacks
- Optional URL query and request headers fuzz stages
- Test web apps even behind the perimeter firewall
- Configurable fuzz payloads
- Share vulnerabilities with team members
- Exportable reports in HTML, CSV, XML and JSON
- Integration with 3rd-party tools
- Easy to use
- Always available
- Instantaneous updates
XML-RPC and SOAP use XML as the core mechanism for transferring data in and out of the service. The structure of the XML document can very in complexity. For example a document may use custom namespaces, elements and deeply nested structure. XMLFuzz handles the entirety of XML with a breeze. The fuzzer is capable of walking down the complex nature of a XML document and produce abnormal input while preserving the semantics. Deeply nested document elements are well supported.
With XMLFuzz you can discover a wide range of issues from improper handling of input to XXE (XML External Entity) injection and much more.