0

1) Is it possible using burp suite/ ZAP or any other web testing tools to find out if an application is making calls to web services?

2) As SOAP web services reply in XML is it also possible to view the responses of
the HTML request to distinguish between use of REST web services?

Thanks

Proxee
  • 1
  • 2
  • Welcome at stackoverflow, before you continue please read https://stackoverflow.com/help/how-to-ask. This will help you to rephrase your current question to a SO question. Start by adding what you have tried and some code samples. – Peter Jul 03 '17 at 12:24

1 Answers1

0

Yes, this is normally possible.

You need to configure the application to use the interactive proxy (Burp, Zap, etc.) as its proxy. Most applications will use your system proxy settings.

Once the proxy is configured, you can see a full history of HTTP interactions (in Burp: Proxy > HTTP History). This includes requests and responses, which will clearly indicate a SOAP or REST service.

PortSwigger
  • 277
  • 1
  • 8
  • Thanks for the reply! I still have an issue, i'm doing security tests on applications, but the communication with the developer is limited, due to this i'm not sure if the application makes any use of web services, so is there a test i can perform to see if there are calls going out to third party providers without going through the source code? – Proxee Jul 03 '17 at 13:47
  • @Proxee Did you try setting a proxy? Otherwise, there are network sniffers like Wireshark – PortSwigger Jul 03 '17 at 14:10