================

19. January 2017

================

New Compression DoS Attack based on In the Compression Hornets Nest: A Security
Study of Data Compression in Network Services"
- Thanks to RemiMHFU for pulling
Bugfix for XXE
- Thanks to putsi
Proxy fixes
- Should now work with Burp Suite with all plugins

===============
10. July 2015
===============

New Intelligent Denial-of-Service Plugin (by Christian Altmeier):

- Fully automatic detection of DoS Weaknesses
- Detects Thresholds
- Improved time measurement ("last byte sent" till "first byte received")
Framework Changes
- Support for plugin icons

===============
12. May 2015
===============

New XML-Encryption Attack Plugin (by Dennis Kupser):

- Automatically detects XML-Encryption Attack countermeasures
- Attacks symmetric XML-Encryption
(http://nds.rub.de/media/nds/veroeffentlichungen/2011/10/22/HowToBreakXMLenc.pdf)
- Attacks asymmetric XML-Encryption via Bleichenbacher Fault Oracle
(http://nds.rub.de/media/nds/veroeffentlichungen/2012/12/19/XMLencBleichenbacher.pd
f)
Many Bugfixes

===============
19. March 2015
===============

Framework Changes:
- The code design was a bit out-dated since 2009. Thus, it is heavily
refactored. Most important change: Almost every component like
AbstractPlugin or AbstractOption are now using the Java bean concept.
This was needed to improve the UI.
- New Plugin Configuration Screen, new UI Components for Options
- New Request/Response GUI
- Support for additional/custom HTTP Headers
- Shows response HTTP Headers
- URL Endpoint is now changeable
- Simplyfied maven structure
- Added custom checkstyle rules
- Bumped SoapUI to version 4.6.4
- Framework now saves last used WSDL URI
- Code improvements and Bug Fixes (thanks to Christian Altmeier)
- Proxysupport

=============
24. Juni 2013
=============

New XML-Denial-of-Service Plugin (by Andreas Falkenberg):

- Various Attack Techniques
-Coercive Parsing
-Hash Collision Attack (DJBX31A, DJBX33A, DJBX33X)
-SOAP Array Attack
-XML Attribute Count Attack
-XML Element Count Attack
-XML Entity Expansion Attack
-XML External Entity Attack
-XML Overlong Element Names
- After the attack is finished, right click on the Plugin in the "Attack
Overview" to see more details!

General:
- Splitted Signature Wrapping Plugin into a "Plugin" and its "Library
Functions"
- Library is independent of Main WS-Attacker Framework

Signature Wrapping Plugin improved:

- Now it is possible to right click on the Plugin in the "Attack Overview"
to slide through all XSW possibilities

Signature Wrapping Library improved:

- Improved compatibility when Signatures sign Signatures (Usefull e.g. for
SAML Responses which sign SAML Assertions)
- New and better XML Schema Analyzer

New Signature Faking Library (by Juraj Somorovsky):

- Creates a new Signature Value for a given XML Signature by using a newly
created Fake Certificate
- Yet only available as a Library (No WS-Attacker Plugin available)

Framework Changes:
- Very small GUI improvements
- lalib-checkboxtree library now added locally because of Maven repository
changes

=================
05. November 2012
=================

Signature Wrapping Plugin improved:

- SAML over SOAP Working
- XSW-IDs now randomly chosen instead of prepending the string "atk-"
- It is now possible to analyse responses. To do this, right-click on the XSW
plugin in the Attack-Overview Button after the attack is finished.

Framework Changes:
- Some GUI Elements have been recreated using Netbeans Form Designer (Matisse)
- Support for plugin functions -> See XSW response analysis
- Libraries are now used in a "lib" folder instead of repacking it into the JAR

============
4. July 2012
============
Added XML Signature Wrapping Plugin:
- Technique for automatically attacking XML Signature protected Web Services
- Just set the endpoint and follow the instructions on the Plugin Config screen

Framework Changes:
- Options Window is now Scrollable
- Some minor changes.

Release Note:
- Now only one format (zip) available
- Source Code can be checked in GIT Repository