Hello all-

I was going through my notes from a recent SANS workshop - the Web Application Security Workshop - and one of the tools they went over was a tool called WebScarab. In fact, we had a pretty extensive lab exercise on it, and I thought the tool was pretty in-depth and offered some good information - especially with the Intercept proxy. [edit] They showed us it could do:

(From the presentation)
Interception Proxy: modify request parameters in transit
Spider: download and review a site offline
Request crafting: create and send specific or unusual requests
Session ID Analysis: analyze use of session IDs for weaknesses or discernable patterns
[/edit]

The tool is provided by OWASP (Open Web Application Security Project).

Link: http://www.owasp.org/

I was wondering if anyone has worked with this suite of tools and had good/bad/indifferent experiences, along with any tips.

TIA.