The version of your browser is currently unsupported. Too bad we cannot support all legacy browsers.
Please upgrade to the latest Firefox, Chrome or Safari and IE and come back.
XML services are difficult to work with and often contain unexpected bugs. XMLFuzz was specifically designed to fuzz-test XML services such as XML-RPC (XML Remote Procedure Call), SOAP (Simple Object Access Protocol) and others.
By subscribing to XMLFuzz you get the following awesome features:
- Full support for XML fuzzing
- Support for SOAP and XML-RPC
- Fuzz support for External XML Entity Injection (XXE) attacks
- Optional URL query and request headers fuzz stages
- Test web apps even behind the perimeter firewall
- Configurable fuzz payloads
- Share vulnerabilities with team members
- Exportable reports in HTML, CSV, XML and JSON
- Integration with 3rd-party tools
- Easy to use
- Always available
- Instantaneous updates
XML-RPC and SOAP use XML as the core mechanism for transferring data in and out of the service. The structure of the XML document can very in complexity. For example a document may use custom namespaces, elements and deeply nested structure. XMLFuzz handles the entirety of XML with a breeze. The fuzzer is capable of walking down the complex nature of a XML document and produce abnormal input while preserving the semantics. Deeply nested document elements are well supported.
With XMLFuzz you can discover a wide range of issues from improper handling of input to XXE (XML External Entity) injection and much more.