Forum Discussion

skyr00zx's avatar
skyr00zx
Occasional Visitor
4 years ago

SoapUI disable replacing

Hello 

I'm currently using SoapUI for manual security testing. I have problem with replacing by payloads in client side.

For example entities  in my request are replaced on client side. This behaviour makes impossible for me to test some security cases like billion laughs attack.

Is there option to disable that replacement?

  • KarelHusa's avatar
    KarelHusa
    Champion Level 1

    Hi skyr00zx ,

    there is no standard option to disable text evaluation in functional tests, as far as I know.

     

    But for security testing (billion laughs etc.) you can use Security tests and use the prepared messages or define your own, see the picture bellow. The entities aren't evaluated there.

     

    More about security testing in SoapUI at: https://www.soapui.org/docs/security-testing/getting-started/ .

     

    Best regards,

    Karel