XML services are difficult to work with and often contain unexpected bugs.
｢Xmlfuzz was specifically designed to fuzz-test XML services such as XML-RPC (XML Remote Procedure Call), SOAP (Simple Object Access Protocol) and others.｣
◉ Fuzzing XML
XML-RPC and SOAP use XML as the core mechanism for transferring data in and out of the service. The structure of the XML document can very in complexity. For example a document may use custom namespaces, elements and deeply nested structure. Xmlfuzz handles the entirety of XML with a breeze. The fuzzer is capable of walking down the complex nature of a XML document and produce abnormal input while preserving the semantics. Deeply nested document elements are well supported.
◉ Tool Usage
To start a fuzz test on a XML service first you need to design the base request using the HTTP editor. After this all you have to do is to press the start button. Xmlfuzz will use the XML structure of the request to create all possible variations of unexpected input which could make the service to produce unexpected results. Any vulnerabilities will be automatically identified. Additionally, the transactions windows can be used to manually inspect the service for other forms of abnormal behaviour.
✂ ✂ ✂
This app comes with a free trial. Trials will roll into a payed subscription if not canceled.