FW: New WebScarab release

From: Dawes, Rogan (ZA - Johannesburg) (rdawes_at_deloitte.co.za)
Date: 11/19/03

  • Next message: Vaccare, Anthony: "RE: Foundry switch and VLAN hopping"
    To: pen-test@securityfocus.com
    Date: Wed, 19 Nov 2003 10:26:35 +0200
    
    

    WebScarab can be downloaded from the OWASP project page at
    http://sourceforge.net/projects/owasp

    Rogan

    -----Original Message-----
    From: Dawes, Rogan (ZA - Johannesburg) [mailto:rdawes@deloitte.co.za]
    Sent: 18 November 2003 09:01 AM
    To: webappsec@securityfocus.com
    Subject: New WebScarab release

    Hi all,

    This is to announce a new release of WebScarab, a Java-based HTTP proxy
    which can be used to intercept and modify HTTP and HTTPS requests and
    responses in arbitrary ways.

    New features in this version:

* Completely reworked RequestPanel and ResponsePanel, providing support for
    nearly arbitrary content-types. Currently there are Hex, Text, HTML and
    SerializedObject viewers, which are invoked automatically according to the
    Content-Type headers. There is also support for tabular editing of message
    headers. Editors for application/x-www-urlencoded and multi-part forms will
    be coming shortly.

    * The Text editor mentioned above supports "search" functionality, accessed
    via Ctrl-F.

    * An interesting feature is the addition of BeanShell scripting
    functionality, which allows the operator to perform completely arbitrary
    processing of a request or response. This functionality is available in both
    the proxy intercept windows, and the "conversation view" windows.

* SessionID sampling and analysis. This is a new plugin designed to collect
    a large number of sessionIDs and graph them, so the operator can visually
    see if there are any patterns. SessionIDs are converted to a BigInteger, by
    means of automatic per-position character set analysis (e.g. aaa, aab, aac
    == 1, 2, 3 resp., since the aaa does not ever change, and consequently maps
    to 0).

* Intercepting many requests simultaneously should no longer result in
    deadlock of the GUI.

WebScarab should hopefully also be more robust, with many NullPointerExceptions
    hunted down and squashed.

    As usual all feedback is welcome. Error reports help to improve WebScarab,
    while "I use it in this way" helps to guide direction, and motivate me to
    continue ;-) Even "WebScarab sucks because . . . " is useful information ;-)

    I can usually also be reached as Gollum256 on AIM if anyone wants to chat
    online about WebScarab.

    Rogan

    -- 
    "Using encryption on the Internet is the equivalent of arranging an 
    armored car to deliver credit card information from someone living 
    in a cardboard box to someone living on a park bench."
      - Gene Spafford
    -- 
    Deloitte & Touche Security Services Group
    Tel: +27(11)806-6216     Fax: +27(11)806-5202     Cell: +27(82)784-9498
    -- 
    Important Notice: This email is subject to important restrictions,
    qualifications and disclaimers ("the Disclaimer") that must be accessed and
    read by clicking here or by copying and pasting the following address into
    your Internet browser's address bar: http://www.Deloitte.co.za/Disc.htm. The
    Disclaimer is deemed to form part of the content of this email in terms of
    Section 11 of the Electronic Communications and Transactions Act, 25 of
    2002. If you cannot access the Disclaimer, please obtain a copy thereof from
    us by sending an email to ClientServiceCentre@Deloitte.co.za.
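As an illustration of the per-position character set analysis described in the announcement, here is an added example (written for this page; it is not WebScarab's own code, and the plugin's exact mapping is not stated beyond the aaa/aab/aac sketch, so the mixed-radix digit scheme, the helper names and the sample IDs below are assumptions). Each position becomes a digit whose base is the number of distinct characters sampled at that position; a position that never changes has base 1 and contributes nothing, which is why the constant prefix "maps to 0". With zero-based digits the sketch gives aaa, aab, aac → 0, 1, 2. The caveat a tester should keep in mind: the alphabet of each position is learned from the sample, so a character never seen there (a counter that later rolls into a new hex digit, say) cannot be mapped until more IDs are collected.

```python
# Added example: per-position character set analysis of session IDs, as
# sketched in the WebScarab announcement. Illustrative reconstruction, not
# WebScarab's code; the mixed-radix mapping and the sample IDs are assumptions.
from typing import List


def position_charsets(ids: List[str]) -> List[str]:
    """Return, for every character position, the sorted string of characters
    observed at that position across the sample. Equal-length IDs are assumed."""
    if not ids:
        raise ValueError("need at least one session ID")
    length = len(ids[0])
    if any(len(s) != length for s in ids):
        raise ValueError("all sampled session IDs must have the same length")
    return ["".join(sorted({s[i] for s in ids})) for i in range(length)]


def to_bigint(session_id: str, charsets: List[str]) -> int:
    """Map one ID to an integer using a mixed radix: position i is a digit whose
    base is len(charsets[i]) and whose value is the character's index in that
    sorted set. A position that never varies has base 1 and index 0, so it
    contributes nothing (the 'aaa maps to 0' point from the announcement)."""
    value = 0
    for ch, cs in zip(session_id, charsets):
        idx = cs.find(ch)
        if idx < 0:
            # Character outside the sampled set: the sample was too small to
            # learn this position's alphabet, so the mapping is not defined.
            raise ValueError(f"character {ch!r} not seen at this position in the sample")
        value = value * len(cs) + idx
    return value


def analyse(ids: List[str]) -> List[int]:
    """Convert a whole sample to integers, in sampling order, ready to graph."""
    charsets = position_charsets(ids)
    return [to_bigint(s, charsets) for s in ids]


def varying_positions(ids: List[str]) -> List[int]:
    """Indexes of the positions that actually carry entropy in the sample."""
    return [i for i, cs in enumerate(position_charsets(ids)) if len(cs) > 1]


def consecutive_deltas(values: List[int]) -> List[int]:
    """Differences between successive samples; a constant delta means the
    server is handing out a counter, however it is dressed up."""
    return [b - a for a, b in zip(values, values[1:])]


# Constructed samples (not real captured data).
COUNTER_IDS = ["JSESSION-00a3", "JSESSION-00a4", "JSESSION-00a5", "JSESSION-00a6"]
RANDOMISH_IDS = ["3f9a", "b02c", "7e41"]

if __name__ == "__main__":
    print(analyse(["aaa", "aab", "aac"]))              # [0, 1, 2]
    print(varying_positions(COUNTER_IDS))              # [12]
    print(consecutive_deltas(analyse(COUNTER_IDS)))    # [1, 1, 1]
    print(consecutive_deltas(analyse(RANDOMISH_IDS)))  # [31, -17]
```

Plotting the list returned by `analyse` against sampling order is the visual check the plugin is built around: a straight line or a sawtooth means a counter (possibly with a constant or slowly changing prefix), while a cloud with no structure is what a properly random generator should produce. The delta list is a quick numeric version of the same check for the counter case.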
