Welcome to the SOAP Security Learning Platform

This platform provides hands-on experience with SOAP web service security vulnerabilities and authentication mechanisms. Choose from the available services below to explore different security challenges.

AuthService

Easy - Medium

Learn about SOAP authentication and authorization vulnerabilities through three different challenges:

  • getFlag() - Easy: practice proper WS-Security authentication
  • getFlagAdmin1() - Medium: authentication bypass vulnerability
  • getFlagAdmin2() - Medium: authentication bypass vulnerability
  • getDescription() - Get detailed challenge information
  • getHint(operation, level) - Receive progressive hints for each challenge

FoodDeliveryService

Medium - Hard

Learn how to handle XML special characters and XPath queries in SOAP messages through a meal delivery system with three operations:

  • getMeal1(meal) - Medium: retrieve meal information using element text content. Some meal names contain special XML characters
  • getMeal2(meal) - Medium: retrieve meal information using attribute values. Some meal names contain special XML characters
  • getMeal3(meal) - Hard: search the restaurant's XML database. The service uses XPath to query meal information
  • getDescription() - Get detailed challenge information
  • getHint(operation, level) - Receive progressive hints (3 levels per operation)

Challenge: Retrieve all three hidden flags. getMeal1 and getMeal2 require understanding different XML encoding techniques. getMeal3 involves exploring the structure of the restaurant's database. Use '*' to list available meals.

XSWTeacherService

Medium - Hard

Learn about XML Signature Wrapping (XSW) attacks on SOAP messages. Master the techniques to exploit the gap between what is signed and what is processed:

  • getSignedMessage(verifier) - Get a freshly signed SOAP message for testing
  • verifierXSW1(signedMsg) - Medium: Element injection with ID-based signature
  • verifierXSW2(signedMsg) - Easy-Medium: XPath signature with element wrapping
  • verifierXSW3(signedMsg) - Hard: Enveloped signature on Security header
  • verifierXSW4(signedMsg) - Hard: Namespace-agnostic XPath exploitation
  • getDescription() - Get detailed challenge information
  • getHint(operation, level) - Receive progressive hints

Challenge: For each verifier, obtain a signed message with role="user", modify it using XSW attacks to achieve role="admin" while keeping the signature valid, then submit to receive the flag.

Hint: Pretty printing of signed messages compromises the validity of the signature.

TimeService

Hard Challenge

Advanced SOAP security challenge focusing on WS-Addressing and server-side request forgery vulnerabilities:

  • getTime() - Get current server time
  • getDescription() - Learn about the challenge
  • getHint() - Get progressive hints (7 levels)

Getting Started

Testing Tools

You can interact with these services using various tools:

  • SoapUI: Professional SOAP testing tool (recommended)
  • Postman: HTTP client with SOAP support
  • Custom scripts: Python, Java, or other programming languages

Authentication

The AuthService uses WS-Security UsernameToken for authentication. Available credentials:

  • User: username='user', password='123456', role='projectWorker'
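The following is an added example, not code from the platform, showing what a WS-Security UsernameToken exchange looks like from both sides: a client that builds the envelope with the credentials listed above (in the PasswordDigest form of the UsernameToken Profile, where the digest is Base64(SHA-1(nonce + created + password))), and a server-side verifier that checks the digest in constant time, rejects stale Created timestamps and refuses a nonce it has already seen. The service namespace urn:example:authservice and the user table are assumptions; the page does not state the platform's namespace or whether it expects PasswordText or PasswordDigest. Only the Python standard library is used.

```python
"""WS-Security UsernameToken (PasswordDigest): client build + server verify.

Added example, not platform code. Standard library only.
Digest rule (WSS UsernameToken Profile):
    PasswordDigest = Base64(SHA-1(nonce_bytes + Created + password))
"""
import base64
import hashlib
import hmac
import os
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone
from typing import Dict, Optional, Set, Tuple

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
DIGEST_TYPE = ("http://docs.oasis-open.org/wss/2004/01/"
               "oasis-200401-wss-username-token-profile-1.0#PasswordDigest")
NONCE_TYPE = ("http://docs.oasis-open.org/wss/2004/01/"
              "oasis-200401-wss-soap-message-security-1.0#Base64Binary")
SERVICE_NS = "urn:example:authservice"  # assumed; the real namespace is not on the page

for _prefix, _uri in (("soapenv", SOAP), ("wsse", WSSE), ("wsu", WSU)):
    ET.register_namespace(_prefix, _uri)


def password_digest(nonce: bytes, created: str, password: str) -> str:
    """Base64(SHA-1(nonce + created + password)) exactly as the profile defines it."""
    raw = nonce + created.encode("utf-8") + password.encode("utf-8")
    return base64.b64encode(hashlib.sha1(raw).digest()).decode("ascii")


def build_envelope(username: str, password: str, operation: str,
                   nonce: Optional[bytes] = None, created: Optional[str] = None) -> str:
    """Client side: SOAP 1.1 envelope with a wsse:UsernameToken in the Header."""
    nonce = nonce if nonce is not None else os.urandom(16)
    created = created or datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    env = ET.Element(f"{{{SOAP}}}Envelope")
    header = ET.SubElement(env, f"{{{SOAP}}}Header")
    sec = ET.SubElement(header, f"{{{WSSE}}}Security", {f"{{{SOAP}}}mustUnderstand": "1"})
    tok = ET.SubElement(sec, f"{{{WSSE}}}UsernameToken")
    ET.SubElement(tok, f"{{{WSSE}}}Username").text = username
    ET.SubElement(tok, f"{{{WSSE}}}Password", {"Type": DIGEST_TYPE}).text = \
        password_digest(nonce, created, password)
    ET.SubElement(tok, f"{{{WSSE}}}Nonce", {"EncodingType": NONCE_TYPE}).text = \
        base64.b64encode(nonce).decode("ascii")
    ET.SubElement(tok, f"{{{WSU}}}Created").text = created
    body = ET.SubElement(env, f"{{{SOAP}}}Body")
    ET.SubElement(body, f"{{{SERVICE_NS}}}{operation}")  # e.g. getFlag
    return ET.tostring(env, encoding="unicode")


def verify_envelope(envelope: str, users: Dict[str, str], seen_nonces: Set[str],
                    max_skew: timedelta = timedelta(minutes=5)) -> Tuple[bool, str]:
    """Server side: validate the UsernameToken and record the nonce against replay.

    `users` maps username -> password (constructed table; a real service would
    hold a password hash and use a PBKDF, which PasswordDigest does not allow).
    In production parse untrusted XML with defusedxml rather than plain ElementTree.
    """
    root = ET.fromstring(envelope)
    tok = root.find(f"./{{{SOAP}}}Header/{{{WSSE}}}Security/{{{WSSE}}}UsernameToken")
    if tok is None:
        return False, "missing UsernameToken"
    username = tok.findtext(f"{{{WSSE}}}Username") or ""
    pw_el = tok.find(f"{{{WSSE}}}Password")
    nonce_b64 = tok.findtext(f"{{{WSSE}}}Nonce")
    created = tok.findtext(f"{{{WSU}}}Created")
    if pw_el is None or pw_el.get("Type") != DIGEST_TYPE or not nonce_b64 or not created:
        return False, "digest password, nonce and created are all required"
    # Freshness and replay checks come first so a replayed token never reaches the digest step.
    try:
        ts = datetime.strptime(created, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    except ValueError:
        return False, "malformed Created"
    if abs(datetime.now(timezone.utc) - ts) > max_skew:
        return False, "Created outside freshness window"
    if nonce_b64 in seen_nonces:
        return False, "replayed nonce"
    # Always compute and compare a digest, so response timing does not reveal whether the user exists.
    expected = password_digest(base64.b64decode(nonce_b64), created, users.get(username, ""))
    if not (hmac.compare_digest(expected, pw_el.text or "") and username in users):
        return False, "bad credentials"
    seen_nonces.add(nonce_b64)
    return True, "ok"


if __name__ == "__main__":
    table = {"user": "123456"}          # credentials listed on this page
    cache: Set[str] = set()
    msg = build_envelope("user", "123456", "getFlag")
    print(msg)
    print(verify_envelope(msg, table, cache))   # (True, 'ok')
    print(verify_envelope(msg, table, cache))   # (False, 'replayed nonce')
```

The nonce cache is what turns a captured-and-resent token into a rejection; without it (and without the Created window) a UsernameToken is only as strong as the transport that carried it, which is why the digest form still needs TLS underneath it.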

Learning Path

  1. Start with AuthService - practice basic SOAP authentication
  2. Explore the vulnerability challenges in AuthService
  3. Move to TimeService for advanced WS-Addressing attacks