finding the WSDL file to extract ENDPOINTS
The most important thing in API is endpoints, most the time you will just play with the endpoint to find a vulnerability. So in this part we will learn how to extract endpoints from the WSDL file.
The first thing you need to do is you need to do recon and API recon is the easiest you only need to find the documentation and few google search and your task is done.
Suppose you have a target website example.com.
which you want to hack and as mentioned above we need to do find the WSDL file so we can extract endpoints from that there are more ways also to find endpoint that i will cover in later part, for now, let us only focus on finding WSDL file.
If you will be lucky you will get the WSDL file just by adding?WSDL at the end of the base API. From the above example we have taken of example.com and considering that behind the website example.com the API service running is api.examle.com then you can easily find the wsdl file just by adding
YOu can also get a similar result just by doing the google search which is www.example.com filetype:WSDL
• site:target.com filetype:wsdl
• ext:svc inurl:wsdl
• filetype:wsdl wsdl
• inurl:asmx?wsdl OR inurl:jws?wsdl
• inurl:_vti_bin/sites.asmx?wsdl | intitle:_vti_bin/sites.asmx?wsdl
If both the techniques fail to give you the result then you should definitely take the help of all-time favorite tool Burpsuite.
And with burp suite you need an addon WSDL wizard which will automatically find the WSDL file from the crawled URL. the link of the adon is below.
This extension scans a target server for WSDL files. After performing normal mapping of an application's content, right…
If now also you are not able to find the WSDL file there is two possibility
- The WSDL file is not present it was removed by the web owner
- The WSDL file is not present at that particular end-point
Apart from these two there is one more scenario that is responsible if you are not able to find the WSDL file Do you know what it is?
The website is not using SOAP api.
I will request all of my readers if you know some more techniques to find WSDL do reply in the comment section so we all can learn few more techniques to find WSDL file Apart from that if you come across any google dork that can be helpful in finding WSDL file please share.
video demonstration the above techniques is available on my youtube channel API hacking playlist
Check the next part for more details….