SOAP API Configuration

The SOAP protocol describes an API through XML-envelope style requests, XML schema definitions, and a published WSDL endpoint that declares the operations and messages the service accepts. When given that schema, either from the published endpoint or from a definition file, HawkScan generates SOAP-specific payloads that match the declared message structure while scanning, instead of relying on generic request fuzzing.

Some key points to note about scanning a SOAP endpoint:

  • SOAP APIs respond to specific XML payloads posted to a single predefined endpoint; the operation is selected by the request body, not by the URL path
  • The WSDL defines the valid operations and the request and response messages available in the API
  • Fuzzing a SOAP endpoint for functional behavior is challenging because every request must match the structure the schema prescribes, so malformed payloads are rejected before any application logic runs
  • Standard scans typically rely on spidering, path enumeration, or brute forcing to discover routes, none of which reveal SOAP operations that all sit behind one URL
  • The XML schema definition file (.xsd) can also be provided to HawkScan as an alternative to a published WSDL endpoint

Example SOAP API WSDL

The WSDL should be published at an endpoint reachable on the target app (e.g. http://example.com/ws/features.wsdl). The SOAP schema definition file (.xsd) can be provided instead when no WSDL endpoint is exposed.

A simple example showing the structure of a SOAP schema definition embedded in a WSDL:

<wsdl:definitions xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">

<wsdl:types>

<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:tns="https://www.example.com/xml/school"
           targetNamespace="https://www.example.com/xml/school" elementFormDefault="qualified">

    <xs:element name="StudentDetailsRequest">
        <xs:complexType>
            <xs:sequence>
                <xs:element name="name" type="xs:string"/>
            </xs:sequence>
        </xs:complexType>
    </xs:element>

    <xs:element name="StudentDetailsResponse">
        <xs:complexType>
            <xs:sequence>
                <xs:element name="Student" type="tns:Student"/>
            </xs:sequence>
        </xs:complexType>
    </xs:element>

    <xs:complexType name="Student">
        <xs:sequence>
            <xs:element name="name" type="xs:string"/>
            <xs:element name="standard" type="xs:int"/>
            <xs:element name="address" type="xs:string"/>
        </xs:sequence>
    </xs:complexType>

</xs:schema>

</wsdl:types>

</wsdl:definitions>
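To make the key points above concrete, the following added example (not HawkScan's code, and not part of the original page) shows the part of the job a scanner has to do before it can send a single useful SOAP request: parse the embedded schema, enumerate the global elements and their fields (following references such as tns:Student to named complex types), and render a well-formed SOAP 1.1 envelope for each one with type-appropriate seed values. It assumes the WSDL carries only the schema, as the page's example does, so every global element is treated as a candidate request body; a WSDL with wsdl:message and wsdl:portType sections would narrow that to the declared operations. The seed values and the SAMPLE_WSDL string are constructed for the example.

```python
"""Enumerate a WSDL-embedded XML Schema and build sample SOAP 1.1 envelopes.
Added example; not HawkScan code. Treat any WSDL fetched from a target as
untrusted input (xml.etree does not fetch external entities, but use
defusedxml if the parser in your tool chain might)."""
import xml.etree.ElementTree as ET

XS = "http://www.w3.org/2001/XMLSchema"
SOAP_ENV = "http://schemas.xmlsoap.org/soap/envelope/"

# Constructed sample: the page's schema inside a minimal WSDL skeleton.
SAMPLE_WSDL = """<wsdl:definitions xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/">
  <wsdl:types>
    <xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema"
               xmlns:tns="https://www.example.com/xml/school"
               targetNamespace="https://www.example.com/xml/school"
               elementFormDefault="qualified">
      <xs:element name="StudentDetailsRequest">
        <xs:complexType><xs:sequence>
          <xs:element name="name" type="xs:string"/>
        </xs:sequence></xs:complexType>
      </xs:element>
      <xs:element name="StudentDetailsResponse">
        <xs:complexType><xs:sequence>
          <xs:element name="Student" type="tns:Student"/>
        </xs:sequence></xs:complexType>
      </xs:element>
      <xs:complexType name="Student"><xs:sequence>
        <xs:element name="name" type="xs:string"/>
        <xs:element name="standard" type="xs:int"/>
        <xs:element name="address" type="xs:string"/>
      </xs:sequence></xs:complexType>
    </xs:schema>
  </wsdl:types>
</wsdl:definitions>"""

# Assumed seed values per built-in XSD type; a scanner would swap in its
# attack payloads here once the skeleton is known.
SEED = {"string": "test", "int": "1", "integer": "1", "boolean": "true",
        "decimal": "1.0", "double": "1.0", "dateTime": "2024-01-01T00:00:00Z"}


def load_schema(wsdl_text):
    """Return (targetNamespace, global elements by name, complexTypes by name)
    from the first xs:schema found anywhere in the WSDL document."""
    root = ET.fromstring(wsdl_text)
    schema = root.find(f".//{{{XS}}}schema")
    if schema is None:
        raise ValueError("no xs:schema found in WSDL")
    tns = schema.get("targetNamespace", "")
    elements = {e.get("name"): e for e in schema.findall(f"{{{XS}}}element")}
    ctypes = {c.get("name"): c for c in schema.findall(f"{{{XS}}}complexType")}
    return tns, elements, ctypes


def fields_of(node, ctypes):
    """Flatten an element or complexType into [(name, type)], where type is the
    local XSD type name for simple fields or a nested field list for a
    reference to a named complexType (tns:Student) or an inline complexType."""
    seq = node.find(f".//{{{XS}}}sequence")
    out = []
    if seq is None:
        return out
    for child in seq.findall(f"{{{XS}}}element"):
        typ = child.get("type", "")
        local = typ.split(":", 1)[-1]          # drop the namespace prefix
        if local in ctypes:
            out.append((child.get("name"), fields_of(ctypes[local], ctypes)))
        elif typ:
            out.append((child.get("name"), local))
        else:                                  # inline complexType
            out.append((child.get("name"), fields_of(child, ctypes)))
    return out


def _fill(parent, tns, fields):
    for name, typ in fields:
        node = ET.SubElement(parent, f"{{{tns}}}{name}")
        if isinstance(typ, list):
            _fill(node, tns, typ)
        else:
            node.text = SEED.get(typ, "test")  # unknown type: fall back to a string


def build_envelope(tns, elem_name, fields):
    """Render a SOAP 1.1 envelope whose Body holds elem_name filled from fields."""
    ET.register_namespace("soapenv", SOAP_ENV)
    ET.register_namespace("tns", tns)
    env = ET.Element(f"{{{SOAP_ENV}}}Envelope")
    body = ET.SubElement(env, f"{{{SOAP_ENV}}}Body")
    root = ET.SubElement(body, f"{{{tns}}}{elem_name}")
    _fill(root, tns, fields)
    return ET.tostring(env, encoding="unicode")


def sample_requests(wsdl_text):
    """Map every global element name to a ready-to-send sample envelope."""
    tns, elements, ctypes = load_schema(wsdl_text)
    return {name: build_envelope(tns, name, fields_of(el, ctypes))
            for name, el in elements.items()}


if __name__ == "__main__":
    for name, envelope in sample_requests(SAMPLE_WSDL).items():
        print(f"--- {name}\n{envelope}")
```

The point of the enumeration step is the third and fourth bullets above: a crawler would only ever see /ws, whereas the schema tells you that StudentDetailsRequest.name is a string you can now target directly, and that StudentDetailsResponse carries a nested Student with an integer standard field that the server should reject if you feed it a non-integer. When a target exposes only the .xsd, the same functions work on it unchanged, since load_schema only looks for the xs:schema element.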

Using a SOAP API Spec File in HawkScan

Configure the scan in stackhawk.yaml using the following parameters:

# in the "app" config...
app:
  # specify the path to the SOAP API WSDL
  # prefix the path with / to pull it from the target host
  soapConf:
    path: /ws/features.wsdl # OR... a local schema definition file (.xsd)
    filePath: features.xsd