-
February 21st, 2005, 06:06 PM
#1
Senior Member
WebScarab - yay or nay?
Hello all-
I was going through my notes from a recent SANS workshop - the Web Application Security Workshop, and one of the tools they went over was a tool called WebScarab. In fact we had a pretty extensive lab exercise on it, and I thought the tool was pretty in-depth and offered some good information - especially with the Intercept proxy. [edit] They showed us it could do:
(From the presentation)
Interception Proxy: modify request parameters in transit
Spider: download and review a site offline
Request crafting: create and send specific or unusual requests
Session ID Analysis: analyze use of session IDs for weaknesses or discernable patterns
[/edit]
The tool is provided by OWASP (Open Web Application Security Project).
Link: http://www.owasp.org/
I was wondering if anyone has worked with this suite of tools and had good/bad/indifferent experiences, along with any tips.
TIA.
-
February 22nd, 2005, 05:48 AM
#2
Not WebScarab but use Achilles quite a bit. Have also used atStake's WebProxy but it's kinda a pain to install because it's picky about what JRE is installed. The drawback I've found with Achilles is that it will crash at times...but is easily restartable.
You can get Achilles here from Maven Security, security researcher/teacher David Rhodes' site. Had several of his classes and they were good. http://www.mavensecurity.com/achilles
Let us know if you ever check out WebScarab. OWASP is a great site for web arch info.