Burp community forum

wsdler and Basic Authentication

ruiper | Last updated: Apr 05, 2016 07:00PM UTC

I am using WSDLER against a web service which uses basic authentication. Even with 'Platform Authentication' enabled (Options>Connections) and the correct host/type/username/password set, attempting to parse the WSDL results in a "Can't parse WSDL" error. If I download the verbose version of wsdler (see https://blog.netspi.com/hacking-web-services-with-burp/) the stack trace indicates that an HTTP 401 error has occurred (failed authentication). Can WSDLER / Burp handle basic authentication? Rui

PortSwigger Agent | Last updated: Apr 06, 2016 11:45AM UTC

The Wsdler BApp isn't written by the PortSwigger team, and we can't confirm its capabilities, sorry. HTTP requests made through Burp using the API will have Basic authentication applied in the normal way, but it's possible that Wsdler makes requests outside of the API, which would explain the observed behavior.

You need to Log in to post a reply. Or register here, for free.