Wsdler icon indicating copy to clipboard operation
Wsdler copied to clipboard
verified publisher icon NetSPI

Broken parsing - wrong host

Open floyd-fuh opened this issue 3 years ago • 0 comments

Hi there,

I've encountered it several times already that the hostname and port where requests are sent to are wrong. In my current example this leads to a fully unusable extension. After parsing the WSDL, it will fetch the XSD from the server. The XSD has a reference:

<xsd:import namespace="http://www.w3.org/2005/05/xmlmime"

However, the extension then fetches /2005/05/xmlmime from the server where the WSDL is located instead of www.w3.org. Of course that results in a 403 HTML response and then the parser fails with:

WSDLException (at /wsdl:definitions/wsdl:types/xsd:schema/xsd:schema): faultCode=PARSER_ERROR: Problem parsing 'http://www.w3.org/2005/05/xmlmime'.: org.xml.sax.SAXParseException: The element type "meta" must be terminated by the matching end-tag "</meta>".

Looks like the parsing logic here is wrong:

https://github.com/NetSPI/Wsdler/blob/102d9de4a78ee0092473ef6160fe741cf993508d/src/main/java/burp/WSDLParser.java#L145

Workaround:

Had to proxy Burp through Burp and intercept HTTP responses, then simply replace the 404 status code with 200 and paste the XML response of view-source:https://www.w3.org/2005/05/xmlmime

floyd-fuh avatar Apr 04 '22 09:04 floyd-fuh