Looking for an extension to parse WSDL files while pentesting SOAP services, Wsdler extension is for you. It’s easy to use and has no dependencies.
|Extension Availability||Source Code||Dependencies||Author|
How to configure this extension
Head over to BApp store under the Extender section. Click on Wsdler and click Install on the right side under the description. On successfully installing the extension, you will find a new tab in Burp Suite.
In Burp Suite, right-click on the HTTP request in the Proxy history, and select Parse WSDL. If the response contains a valid WSDL file, the extension parses it and displays all the requests under the Wsdler tab.
You can right-click on each request under the Wsdler tab and send it to Repeater to manually play with the HTTP requests.
Also, note that if the response is not a valid WSDL file, the extension errors out with the following message.
When to use this extension?
This extension is convenient when you are pentesting SOAP services which expose WSDL file. This extension removes the pain of loading the WSDL file in SoapUI and hitting each SOAP endpoint with Burp as a proxy.