This is a really simple example of using the Python Suds library to consume and inspect SOAP web services with integration into Burp Suite. I decided once upon a time that I didn’t think SoapUI was efficient for what I needed when it came to testing web services and getting that data into Burp Suite, so I began searching for a simple Python library that could help me out. I will caveat that statement with this: I always enjoy trying to write my own implementation of things, even if they aren’t the best, because it helps with my overall objective -> Learning!
https://fedorahosted.org/suds/ – “Suds is a lightweight SOAP python client for consuming Web Services”

So I stumbled upon Suds, which I must say is incredibly easy to use. The best part about this library is that you can accomplish everything you want from the console, which is always a plus. Alright, so in your Python console we want to import the Suds client and set up some logging so we can debug each web service request and response.
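A sketch of that console setup, added here as an example and not taken from the original post: it turns on the Suds debug loggers and hands Suds a proxy setting that points at Burp. The WSDL URL is a placeholder, the listener address assumes Burp's default of 127.0.0.1:8080, and the helper names are made up for illustration.

```python
import logging

# Assumptions, not values from the post: Burp's default proxy listener and a
# placeholder WSDL URL for the service under test.
BURP_LISTENER = "127.0.0.1:8080"
WSDL_URL = "http://soap.example.test/service?wsdl"

# suds.client logs the SOAP envelopes sent and received;
# suds.transport logs the underlying HTTP requests and responses.
SUDS_DEBUG_LOGGERS = ("suds.client", "suds.transport")


def enable_suds_debug(names=SUDS_DEBUG_LOGGERS):
    """Print every request/response Suds handles to the console."""
    logging.basicConfig(level=logging.INFO)
    for name in names:
        logging.getLogger(name).setLevel(logging.DEBUG)
    return [logging.getLogger(name).getEffectiveLevel() for name in names]


def burp_proxy(listener=BURP_LISTENER):
    """Build the proxy option Suds expects: a dict of scheme -> 'host:port'."""
    host, _, port = listener.rpartition(":")
    if not host or not port.isdigit():
        raise ValueError("listener must look like host:port, got %r" % listener)
    return {"http": listener, "https": listener}


def build_client(wsdl_url=WSDL_URL, listener=BURP_LISTENER):
    """Create a Suds client whose HTTP traffic goes through the Burp listener."""
    # Imported here so the two helpers above can be used without Suds installed.
    from suds.client import Client
    enable_suds_debug()
    return Client(wsdl_url, proxy=burp_proxy(listener))


if __name__ == "__main__":
    client = build_client()
    # Printing a Suds client lists the services, ports, methods and types
    # it parsed from the WSDL.
    print(client)
```

With Burp listening, the WSDL fetch and each later `client.service.<method>(...)` call should appear in the proxy history, while the same messages are printed to the console by the debug loggers.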