Tuesday, February 9, 2010

Ruby SOAP client with basic authentication and client certificate

Recently I needed to pentest a web service, but since WSFuzzer wasn't working correctly I had to write my own Ruby SOAP client that could connect to an SSL-protected web service with a client certificate and basic authentication.
After many hours spent looking for a suitable library, I decided to use Savon with Ruby 1.8.7 (DON'T USE RUBY 1.9.1, it won't work).
First I had to convert one .p12 certificate into two PEM files:

    openssl pkcs12 -in global.p12 -out global.pem

Then cut the private key part out of global.pem and copy it into protected_key.pem, and issue the following commands (you have to provide the password of your private key):

    mv global.pem cert.pem
    openssl rsa -in protected_key.pem -out key.pem
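The same split can be done with Ruby's OpenSSL bindings instead of cutting the key out of global.pem by hand. This is an added example, not code from the original post: the function names and the self-signed sample bundle are constructed for illustration, and `pair_matches?` confirms the extracted key belongs to the certificate before both are handed to the SOAP client.

```ruby
require 'openssl'

# Split a PKCS#12 bundle into PEM strings without hand-editing global.pem.
# Raises OpenSSL::PKCS12::PKCS12Error when the passphrase is wrong.
def split_pkcs12(p12_der, passphrase)
  p12 = OpenSSL::PKCS12.new(p12_der, passphrase)
  { :cert  => p12.certificate.to_pem,
    :key   => p12.key.to_pem,   # unencrypted, like the output of `openssl rsa`
    :chain => (p12.ca_certs || []).map { |c| c.to_pem } }
end

# True when the private key belongs to the certificate's public key.
def pair_matches?(cert_pem, key_pem)
  cert = OpenSSL::X509::Certificate.new(cert_pem)
  cert.check_private_key(OpenSSL::PKey.read(key_pem))
end

# Write cert.pem and key.pem; the key is unencrypted, so create it 0600.
def write_pem_files(parts, dir)
  cert_path = File.join(dir, "cert.pem")
  key_path  = File.join(dir, "key.pem")
  File.open(cert_path, "w") { |f| f.write(parts[:cert]) }
  File.open(key_path, File::WRONLY | File::CREAT | File::TRUNC, 0600) do |f|
    f.write(parts[:key])
  end
  [cert_path, key_path]
end

# Constructed sample input: a throwaway self-signed client cert in a .p12.
def build_sample_p12(passphrase)
  key  = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial  = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=constructed-test-client")
  cert.public_key = key.public_key
  cert.not_before = Time.now
  cert.not_after  = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  OpenSSL::PKCS12.create(passphrase, "sample", key, cert).to_der
end

if __FILE__ == $0
  parts = split_pkcs12(build_sample_p12("constructed-pass"), "constructed-pass")
  puts "cert/key match: #{pair_matches?(parts[:cert], parts[:key])}"
end
```

For a real bundle, pass `File.binread("global.p12")` and its passphrase to `split_pkcs12`, then call `write_pem_files` with the target directory.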
Then we can finally write the Ruby code:

    require 'rubygems'
    require 'savon'
    require 'openssl'

    client = Savon::Client.new "https://example.com/services?wsdl"

    # Client certificate authentication.
    # VERIFY_NONE turns off validation of the server's certificate.
    client.request.http.ssl_client_auth(
      :cert => OpenSSL::X509::Certificate.new(File.read("cert.pem")),
      :key => OpenSSL::PKey::RSA.new(File.read("key.pem")),
      :verify_mode => OpenSSL::SSL::VERIFY_NONE
    )

    # Basic authentication
    client.request.basic_auth "User", "Password"

    # List the SOAP actions found in the WSDL
    puts client.wsdl.soap_actions
    #puts client.wsdl.namespace_uri

    # Don't forget :@inorder, otherwise the client will send your keys in a
    # sequence different from the one you wrote down
    response = client.add_customer do |soap|
      soap.body = {
        :id => 111,
        :tel => 1233,
        :issuer => "asder",
        :payment_mode => 1,
        :alias => "asd",
        :@inorder => [:id, :tel, :issuer, :payment_mode, :alias]
      }
    end
    puts response.to_xml
Finally, you have to add some permutations to your values to make it a real SOAP fuzzer. You can start by getting the file all_attacks.txt used by WSFuzzer.