Having Trouble Testing WCF Endpoints or WCF-Based Client-Server Applications?
As .NET developers, QA and pentesters, we all know that it’s hard to test WCF applications, mostly due to the fact that there are no standard, easy-to-use tools that let us test an existing WCF endpoint (that supports multiple authentication scenarios) and existing WCF client-server applications, viewing and manipulating incoming and outgoing messages.
The AppSec Labs WCF Toolkit will allow you to perform complex actions on your testing application/endpoint with a single-click, the following is only a partial list:
View and manipulate incoming and outgoing traffic for any WCF client-server application using your favorite proxy!
Test applications that use different types of credentials (username, Windows integrated, certificate and anonymous)!
Test a WCF endpoint to which you have no client!
AppSec Labs WCF Toolkit Features
The AppSec Labs WCF Toolkit features were developed based on experience acquired through performing many penetration tests on WCF-based application. In addition, feature requests are very welcome, simply email us your ideas and suggestions: firstname.lastname@example.org
AppSec Labs WCF Toolkit – Free Download
|Feature||AppSec Labs WCF Toolkit||WCFTestClient|
|Offered Services||Multipurpose Generic Client and WCF Client-Server Proxy||Generic Client Only|
|Message Interception||Advanced Interception – Supports External Proxy (not provided)||Not Supported|
|Message Modification||Both requests and responses||Not Supported|
|WCF Credentials modification||V||X (No Client – Server Proxy)|
|Support for multiple WCF credentials (Generic Client)||V – Prompts upon request (No configuration is required!)||V – Difficult to configure and change|
|Client-Proxy protocol||HTTP/TCP and more||HTTP|
|Sample App and Demo||Supplied – AppSec Labs WCF HacmeCasino||X|