Welcome to the SOAP Security Learning Platform

This platform provides hands-on experience with SOAP web service security vulnerabilities and authentication mechanisms. Choose from the available services below to explore different security challenges.

AuthService

Difficulty: Easy, Medium

Learn about SOAP authentication and authorization vulnerabilities through three different challenges:

  • getFlag1() - Easy: practice proper WS-Security authentication
  • getFlag2() - Easy: practice proper WS-Security authentication
  • getFlagAdmin1() - Medium: authentication bypass vulnerability
  • getFlagAdmin2() - Medium: authentication bypass vulnerability
  • getDescription() - Get detailed challenge information
  • getHint(operation, level) - Receive progressive hints for each challenge

FoodDeliveryService

Difficulty: Medium, Hard

Learn how to handle XML special characters and XPath queries in SOAP messages through a meal delivery system with three meal-lookup operations:

  • getMeal1(meal) - Medium: retrieve meal information using element text content. Some meal names contain special XML characters
  • getMeal2(meal) - Medium: retrieve meal information using attribute values. Some meal names contain special XML characters
  • getMeal3(meal) - Hard: search the restaurant's XML database. The service uses XPath to query meal information
  • getDescription() - Get detailed challenge information
  • getHint(operation, level) - Receive progressive hints (3 levels per operation)

Challenge: Retrieve all three hidden flags. getMeal1 and getMeal2 require understanding different XML encoding techniques. getMeal3 involves exploring the structure of the restaurant's database. Use '*' to list available meals.

XSWTeacherService

Difficulty: Medium, Hard

Learn about XML Signature Wrapping (XSW) attacks on SOAP messages. Master the techniques to exploit the gap between what is signed and what is processed:

  • getSignedMessage(verifier) - Get a freshly signed SOAP message for testing
  • verifierXSW1(signedMsg) - Medium: Element injection with ID-based signature
  • verifierXSW2(signedMsg) - Easy-Medium: XPath signature with element wrapping
  • verifierXSW3(signedMsg) - Hard: Enveloped signature on Security header
  • verifierXSW4(signedMsg) - Hard: Namespace-agnostic XPath exploitation
  • getDescription() - Get detailed challenge information
  • getHint(operation, level) - Receive progressive hints

Challenge: For each verifier, obtain a signed message with role="user", modify it using XSW attacks to achieve role="admin" while keeping the signature valid, then submit to receive the flag.

Hint: Pretty-printing a signed message inserts whitespace into the signed content, so the digest no longer matches and the signature becomes invalid.

TimeService

Difficulty: Hard

Advanced SOAP security challenge focusing on WS-Addressing and server-side request forgery vulnerabilities:

  • getTime() - Get current server time
  • getDescription() - Learn about the challenge
  • getHint() - Get progressive hints (7 levels)

Getting Started

Testing Tools

You can interact with these services using various tools:

  • SoapUI: Professional SOAP testing tool (recommended)
  • Postman: HTTP client with SOAP support
  • Custom scripts: Python, Java, or other programming languages

Authentication

The AuthService uses WS-Security UsernameToken for authentication. Available credentials:

  • User: username='user', password='123456', role='projectWorker'
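The following is an added example and not the platform's own code. It shows what a WS-Security UsernameToken request for the AuthService looks like and how a server should validate it: the token must sit in the Security header, carry a PasswordText type, and be compared against the stored credential in constant time. The service namespace `urn:authservice` is an assumption (read it from the service's WSDL); the credentials are the ones listed above, and the request is only built, not sent, so the code runs offline.

```python
import hmac
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE_NS = ("http://docs.oasis-open.org/wss/2004/01/"
           "oasis-200401-wss-wssecurity-secext-1.0.xsd")
PASSWORD_TEXT = ("http://docs.oasis-open.org/wss/2004/01/"
                 "oasis-200401-wss-username-token-profile-1.0#PasswordText")
SERVICE_NS = "urn:authservice"  # assumed; take the real one from the WSDL

ET.register_namespace("soapenv", SOAP_NS)
ET.register_namespace("wsse", WSSE_NS)

# Credential store as published on this page (constructed for the example).
USERS = {"user": {"password": "123456", "role": "projectWorker"}}


def build_username_token_envelope(username, password, operation,
                                  service_ns=SERVICE_NS):
    """Build a SOAP 1.1 envelope whose Header carries a wsse:UsernameToken
    with a plain-text password, and whose Body invokes `operation`."""
    env = ET.Element(f"{{{SOAP_NS}}}Envelope")
    header = ET.SubElement(env, f"{{{SOAP_NS}}}Header")
    security = ET.SubElement(header, f"{{{WSSE_NS}}}Security")
    token = ET.SubElement(security, f"{{{WSSE_NS}}}UsernameToken")
    ET.SubElement(token, f"{{{WSSE_NS}}}Username").text = username
    # The Type attribute tells the server how to interpret the password.
    pw = ET.SubElement(token, f"{{{WSSE_NS}}}Password", {"Type": PASSWORD_TEXT})
    pw.text = password  # ElementTree escapes XML special characters for us
    body = ET.SubElement(env, f"{{{SOAP_NS}}}Body")
    ET.SubElement(body, f"{{{service_ns}}}{operation}")
    return ET.tostring(env, encoding="unicode")


def authenticate(envelope_xml, users=USERS):
    """Server-side check. Returns the caller's role on success, else None.

    The token is looked up only at its defined location (Header/Security),
    never anywhere in the document, and the password comparison is
    constant-time regardless of whether the user exists."""
    root = ET.fromstring(envelope_xml)
    token = root.find(f"{{{SOAP_NS}}}Header/{{{WSSE_NS}}}Security/"
                      f"{{{WSSE_NS}}}UsernameToken")
    if token is None:
        return None
    username = token.findtext(f"{{{WSSE_NS}}}Username") or ""
    password_el = token.find(f"{{{WSSE_NS}}}Password")
    if password_el is None or password_el.get("Type") != PASSWORD_TEXT:
        return None  # digest or untyped passwords are out of scope here
    supplied = (password_el.text or "").encode()
    record = users.get(username)
    # Compare against a dummy value for unknown users so timing is uniform.
    expected = (record["password"] if record else "").encode()
    if record is None or not hmac.compare_digest(expected, supplied):
        return None
    return record["role"]


if __name__ == "__main__":
    request = build_username_token_envelope("user", "123456", "getFlag1")
    print(request)
    print("role:", authenticate(request))
```

The envelope printed by the main block is the request body you would send to the AuthService endpoint with `Content-Type: text/xml` and the operation's SOAPAction header; `authenticate` mirrors what the service has to do before it lets `getFlag1` run.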

Learning Path

  1. Start with AuthService - practice basic SOAP authentication
  2. Explore the vulnerability challenges in AuthService
  3. Move to TimeService for advanced WS-Addressing attacks