WS-Attacker 1.3 Released

New XML-Denial-of-Service Plugin (by Andreas Falkenberg):
- Various Attack Techniques
-Coercive Parsing
-Hash Collision Attack (DJBX31A, DJBX33A, DJBX33X)
-SOAP Array Attack
-XML Attribute Count Attack
-XML Element Count Attack
-XML Entity Expansion Attack
-XML External Entity Attack
-XML Overlong Element Names
- After the attack is finished, right click on the Plugin in the "Attack
Overview" to see more details!

General:
- Splitted Signature Wrapping Plugin into a "Plugin" and its "Library Functions"
- Library is independent of Main WS-Attacker Framework

Signature Wrapping Plugin improved:
- Now it is possible to right click on the Plugin in the "Attack Overview"
to slide through all XSW possibilities

Signature Wrapping Library improved:
- Improved compatibility when Signatures sign Signatures (Usefull e.g. for
SAML Responses which sign SAML Assertions)
- New and better XML Schema Analyzer

New Signature Faking Library (by Juraj Somorovsky):
- Creates a new Signature Value for a given XML Signature by using a newly
created Fake Certificate
- Yet only available as a Library (No WS-Attacker Plugin available)

Framework Changes:
- Very small GUI improvements
- lalib-checkboxtree library now added locally because of Maven repository
changes

Posted by Chris 2013-06-24

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:





No, thanks