Ask a Question

SoapUI disable replacing

skyr00zx
Occasional Visitor

SoapUI disable replacing

Hello 

I'm currently using SoapUI for manual security testing. I have problem with replacing by payloads in client side.

For example entities  in my request are replaced on client side. This behaviour makes impossible for me to test some security cases like billion laughs attack.

Is there option to disable that replacement?

1 REPLY 1
KarelHusa
Frequent Contributor

Re: SoapUI disable replacing

Hi @skyr00zx ,

there is no standard option to disable text evaluation in functional tests, as far as I know.

 

But for security testing (billion laughs etc.) you can use Security tests and use the prepared messages or define your own, see the picture bellow. The entities aren't evaluated there.

 

KarelHusa_0-1634917022975.png

More about security testing in SoapUI at: https://www.soapui.org/docs/security-testing/getting-started/ .

 

Best regards,

Karel

 

cancel
Showing results for 
Search instead for 
Did you mean: