Sometimes, you will not be able to hack a web service directly. In that case, learn how the web service behaves by sending it unexpected XML content, for example, duplicated elements:
<login>
  <username>smartbear</username>
  <password>ReaDyAP1R0ck5</password>
  <password>ReaDyAP1R0ck5</password>
</login>
The response to this request looks like this:
<loginresponse>
  <error>password is allowed only once and must be at least 6 characters and at most 20 characters.</error>
</loginresponse>
The error message reveals the service's validation rules for the password element. To obtain more information, try further modifications:
<login>
  <username>smartbear</username>
  <username>smartbear</username>
  <password>ReaDyAP1R0ck5</password>
  <password>ReaDyAP1R0ck5</password>
</login>

<login>
  <username>smartbear</username>
  <username>smartbear</username>
  <username>smartbear</username>
  <password>ReaDyAP1R0ck5</password>
</login>
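
On the service side, requests like the three above reveal nothing when every malformed login gets the same response and the detail is only logged. The following is an added example, not part of the original page or of any SmartBear product: check_login, handle, build, the generic error text and the success response are assumptions, and the 6 to 20 character password limit is taken from the error message above.

```python
import xml.etree.ElementTree as ET

# Assumed generic response: identical for every rejected request.
GENERIC_ERROR = "<loginresponse><error>Invalid request.</error></loginresponse>"
EXPECTED = ("username", "password")  # each must occur exactly once


def check_login(xml_text):
    """Return (reason, fields); reason is None when the request is acceptable."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        return "not well-formed XML", None
    if root.tag != "login":
        return "unexpected root element", None
    counts = {}
    for child in root:
        counts[child.tag] = counts.get(child.tag, 0) + 1
    for tag in counts:
        if tag not in EXPECTED:
            return f"unexpected element <{tag}>", None
    for tag in EXPECTED:
        if counts.get(tag, 0) != 1:
            return f"<{tag}> occurs {counts.get(tag, 0)} times", None
    fields = {tag: (root.findtext(tag) or "") for tag in EXPECTED}
    if not 6 <= len(fields["password"]) <= 20:  # limits from the page's error text
        return "password length out of range", None
    return None, fields


def handle(xml_text, audit_log):
    """Log the precise reason server-side; never echo it to the client."""
    reason, _fields = check_login(xml_text)
    if reason is not None:
        audit_log.append(reason)
        return GENERIC_ERROR
    # Constructed placeholder: the credential check itself is out of scope here.
    return "<loginresponse><status>accepted</status></loginresponse>"


def build(usernames, passwords):
    """Rebuild the page's requests with the given element counts."""
    body = ("<username>smartbear</username>" * usernames
            + "<password>ReaDyAP1R0ck5</password>" * passwords)
    return f"<login>{body}</login>"


PAGE_REQUESTS = [build(1, 2), build(2, 2), build(3, 1)]  # the three variants above
```

The audit log still records which element was duplicated and how often, so repeated probing of this kind is visible to whoever reviews it.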