[Owasp-wsfuzzer] WSFuzzer Errors and compatibility issues with Python 2.5 or 2.6

Michael Coates michael.coates at aspectsecurity.com
Fri Apr 10 14:52:50 EDT 2009


I just tried installing WSFuzzer and ran into several problems.  It
appears that without installing PyXML the WSFuzzer will throw error
messages. However, to install PyXML you have to be running Python 2.4.x.

 

ImportError: No module named ext

 

I installed the following and got WSFuzzer working:

- Requires Python 2.4.x (versions 2.5 and 2.6 are not compatible with PyXML, which you need)
  o http://www.python.org/download/releases/2.4.4/
- Requires PyXML (I used PyXML-0.8.4.win32-py2.4.exe)
  o http://sourceforge.net/project/showfiles.php?group_id=6473&package_id=6541&release_id=286213
- Requires Hashlib (I used version: using OpenSSL (faster, larger))
  o http://code.krypto.org/python/hashlib/

 

 

I then tested WSFuzzer against WebGoat.  I used the WSDL at the
WebService lesson. This lesson provides a URL to the WSDL.  Here is the
command I ran:

WSFuzzer.py -w http://127.0.0.1:8080/WebGoat/services/WSDLScanning?WSDL --bauser guest --bapass guest

 

WSFuzzer crashed (i.e. threw an exception) and returned the following
message:

Request for wsdl (http://127.0.0.1:8080/WebGoat/services/WSDLScanning?WSDL)
Returning <exception>SOAPUI Exeption Occured (Error importing wsdl)</exception>
Traceback (most recent call last):
  File "C:\Aspect_WorkBench\WSFuzzer\version1.9.4\WSFuzzer.py", line 455, in ?
    wrapper = WSDLWrapper.WSDLWrapper(wsdl,proxy,proxyport,VERSION)
  File "C:\Aspect_WorkBench\WSFuzzer\version1.9.4\WSDLWrapper.py", line 95, in __init__
    exit(0)
TypeError: 'str' object is not callable

 

I checked the soapui-errors.log and this message was repeated many
times:

2009-04-10 13:49:29,677 ERROR [errorlog] org.apache.xmlbeans.XmlException: error: </body> does not close tag <HR>.
org.apache.xmlbeans.XmlException: error: </body> does not close tag <HR>.
        at org.apache.xmlbeans.impl.store.Locale$SaxLoader.load(Locale.java:3476)
        at org.apache.xmlbeans.impl.store.Locale.parseToXmlObject(Locale.java:1275)
        at org.apache.xmlbeans.impl.store.Locale.parseToXmlObject(Locale.java:1262)
        at org.apache.xmlbeans.impl.schema.SchemaTypeLoaderBase.parse(SchemaTypeLoaderBase.java:345)
        at org.apache.xmlbeans.XmlObject$Factory.parse(XmlObject.java:722)
        at com.eviware.soapui.impl.wsdl.support.wsdl.WsdlLoader.loadXmlObject(WsdlLoader.java:106)
        at com.eviware.soapui.impl.wsdl.support.xsd.SchemaUtils.getDefinitionParts(SchemaUtils.java:469)
        at com.eviware.soapui.impl.wsdl.support.xsd.SchemaUtils.getDefinitionParts(SchemaUtils.java:460)
        at com.eviware.soapui.impl.wsdl.support.wsdl.WsdlLoader.cacheWsdl(WsdlLoader.java:176)
        at com.eviware.soapui.impl.wsdl.support.wsdl.WsdlContext$Loader.construct(WsdlContext.java:207)
        at com.eviware.soapui.support.swing.SwingWorkerDelegator.construct(SwingWorkerDelegator.java:45)
        at com.eviware.soapui.support.swing.SwingWorker$2.run(SwingWorker.java:111)
        at java.lang.Thread.run(Thread.java:619)
Caused by: org.xml.sax.SAXParseException: </body> does not close tag <HR>.
        at org.apache.xmlbeans.impl.piccolo.xml.Piccolo.reportFatalError(Piccolo.java:1038)
        at org.apache.xmlbeans.impl.piccolo.xml.Piccolo.parse(Piccolo.java:723)
        at org.apache.xmlbeans.impl.store.Locale$SaxLoader.load(Locale.java:3444)
        ... 12 more

 

Thoughts? Suggestions?

 

Thanks,

Michael Coates
Senior Application Security Engineer
michael.coates at aspectsecurity.com

Aspect Security(tm)
http://www.aspectsecurity.com
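
Added example, not part of the original message and not WSFuzzer or soapUI code: the parser error in the soapUI log above names `</body>` and `<HR>`, which are HTML tags, so a check like this on the bytes a WSDL URL returns separates a WSDL document from an HTML page before the fuzzer is started. The function name and both sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET

WSDL_NS = "http://schemas.xmlsoap.org/wsdl/"  # WSDL 1.1 namespace


def classify_wsdl_response(body):
    """Return (ok, reason) for the raw bytes returned by a WSDL URL.

    Hypothetical helper for this example; not part of WSFuzzer or soapUI.
    """
    if not body.strip():
        return False, "empty response"
    # A WSDL needs no DTD; refusing DOCTYPE also keeps entity tricks away
    # from the XML parser when the endpoint is not trusted.
    if b"<!doctype" in body[:1024].lower():
        return False, "DOCTYPE present, looks like an HTML page"
    try:
        root = ET.fromstring(body)
    except ET.ParseError as exc:
        return False, "not well-formed XML (%s)" % exc
    if root.tag != "{%s}definitions" % WSDL_NS:
        return False, "unexpected root element %s" % root.tag
    ops = root.findall("{%s}portType/{%s}operation" % (WSDL_NS, WSDL_NS))
    if not ops:
        return False, "no portType operations declared"
    names = ", ".join(op.get("name", "?") for op in ops)
    return True, "WSDL 1.1 with operations: " + names


# Constructed samples: a minimal WSDL and an HTML error page with an
# unclosed <HR>, the kind of markup the parser error above complains about.
SAMPLE_WSDL = b"""<?xml version="1.0"?>
<definitions xmlns="http://schemas.xmlsoap.org/wsdl/" name="Example">
  <portType name="ExamplePort">
    <operation name="getItem"/>
  </portType>
</definitions>"""

SAMPLE_HTML = b"""<html><head><title>Error report</title></head>
<body><h1>Status report</h1><HR size="1"><p>message</p></body></html>"""

if __name__ == "__main__":
    for label, body in (("wsdl", SAMPLE_WSDL), ("html", SAMPLE_HTML)):
        print(label, classify_wsdl_response(body))
```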

 
