asked on

SOAPAction - analyzing a POST packet

Experts,

novice here with web application developing. After sniffing traffic between a client and server, I have a few questions on a POST packet captured from the client's perspective.

#1) SOAPAction: "http://www.smartassembly.com/webservices/UploadReportLogin/GetServerURL"
Smart assembly is a company that obfuscates programming code. What is the above line doing?

#2) UploadReportLogin/"><licenseID>671ad142-71a5-126b-7853-67bd6d06ea5f</licenseID></GetServerURL></soap:Body></soap:Envelope>POST /Reporting.asmx HTTP/1.1
SOAPAction: "http://www.smartassembly.com/webservices/Reporting/UploadReport5"
What is the above code doing? Looks to be defining a variable. note: I randomly changed the license ID # before posting.

#3) In the last paragraph I see a bunch of encrypted data after the license ID. snippet below. What may have happened?

Reporting/"><licenseID>671ad142-71a5-126b-7853-67bd6d06ea5f</licenseID><data>ezE3RTc2NzhELUQ5OEEtNEQzNC04RThFLUYyOTRDMTc0RThBM30BEJq2P5LuvGhl/9Uk7sh1/sI8smESh7Em24lK73H3oS7i88z3uCz++oZ0re4OjBn9IpdwV70EjYwh2JY6ianTIozgl8a/N8rvxuNyMq0f/Wrf1MYktNLoF+pgQ3nxW7WGcZtqJtiAkaQv63Hbm7Ai5UgdA1GI3k2KPJV5H9XLiZS0u6YqBqL1QWmDUk0ZQTgpBhB4hKN06ulrcvnEsRSLMqX7mPleltNtwJjA1SL6QeQGJm6ndYS34/JNVP

ASKER CERTIFIED SOLUTION

btan

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

trojan81

ASKER

btan,
does it appear to you that the client is uploading a report or downloading a report or not enough information to make that distinction?

btan

As of now, based on the "UploadReportLogin" services called by client, that is the only hint that we can sieve out from the sniffed traffic. Not enough to say it is uploading or downloading. You probably has to do a couple of more sniffing of the subsequent traffic after the "login" authenticity req is met and proceed with user actions...