Results 1 to 2 of 2

Thread: WebScarab - yay or nay?

  1. #1
    Senior Member
    Join Date
    Jan 2005

    Question WebScarab - yay or nay?

    Hello all-

    I was going through my notes from a recent SANS workshop - the Web Application Security Workshop, and one of the tools they went over was a tool called WebScarab. In fact we had a pretty extensive lab exercise on it, and I thought the tool was pretty in-depth and offered some good information - especially with the Intercept proxy. [edit] They showed us it could do:

    (From the presentation)
    Interception Proxy: modify request parameters in transit
    Spider: download and review a site offline
    Request crafting: create and send specific or unusual requests
    Session ID Analysis: analyze use of session IDs for weaknesses or discernable patterns

    The tool is provided by OWASP (Open Web Application Security Project).

    Link: http://www.owasp.org/ .

    I was wondering if anyone has worked with this suite of tools and had good/bad/indifferent experiences, along with any tips.

    \"An ant may well destroy a whole dam.\" - Chinese Proverb
    \"Not only can water float a craft, it can sink it also.\" - Chinese Proverb


  2. #2
    oldie ric-o's Avatar
    Join Date
    Nov 2002
    Not WebScarab but use Achilles quite a bit. Have also used atStake's WebProxy but it's kinda a pain to install because it's picky about what JRE is installed. The drawback I've found with Achilles is that it will crash at times...but is easily restartable.

    You can get Achilles here from Maven Security, security researcher/teacher David Rhodes' site. Had several of his classes and they were good. http://www.mavensecurity.com/achilles

    Let us know if you ever check out WebScarab. OWASP is a great site for web arch info.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts