WebApp Sec mailing list archives
Re(2): [tool] Webstretch - open source web toolkit
From: "Mallia Cedric at MITTS" <cedric.mallia () gov mt>
Date: 22 Jul 2004 07:40:00 +0100
I Find Burp proxy from portswigger does all this already. acid_lemon () hotmail com (21/07/2004 09:16):
In-Reply-To: <40FBE120.2050702 () dolphtech com> I prefer WebScarab, still in beta version. Paros was my first choice, but
doesn't support Authenticathed Proxies. Altough it works with basic-auth proxies, but non-SSL connections. > >One good point with Paros is that it can check some XSS and SQL Injection (with a lot of false positives, of course) and look for old files or source files in your application. > >AC >> >>I have not looked at your program yet, but take a look at Paros. >>(http://www. proofsecure.com/index.shtml) >> >>What are the current plans for SSL support ?
Rogan Dawes wrote: >> >>> Hi Simon, and others. >>> >>> Just thought
that I'd point out that WebScarab does all of the >>> below-mentioned things, and a LOT more besides. It is also Java, part >>> of the OWASP project, etc, etc. >>> >>> Rather than duplicating effort, it seems to me that it makes sense to >>> combine efforts to create a single best-of-breed tool. >>> >>> All contributions to WebScarab are most welcome. Right now, Webscarab >>> is going through a re-architecture phase, but the latest version on >>> sourceforge is quite stable (I think - at least, I've received no bug >>> reports). >>> >>> Please try it, and let me know if there is something missing that you >>> need.
https://sourceforge.net/project/showfiles.
php?group_id=64424&package_id=61823 >>> >>> >>> Regards, >>> >>> Rogan Dawes
Simon Shanks wrote: >>> >>>> >>>> Tool available at ... >>>> >>>>
http://sourceforge.net/projects/webstretch >>>> (written in Java) >>>> >>>> Enables a user to view & alter all aspects of http comunication with a >>>> web site via a proxy. Primarily used for security based penetration >>>> testing of web sites, it can also be used for debugging during >>>> development. Basically, its main feature is that it allows you to >>>> access the web, and shows you the information its about to pass to the >>>> web server, so that you can view & alter any info (all while still in >>>> your browser) >>>> >>>> New features appearing all the time. e.g. >>>> >>>> * request alteration >>>> * request viewing >>>> * html comment detection >>>> * browser impersonation >>>> * hidden area detection >>>> * proxy chaining >>>> >>>> Please add any problems, feature requests, comments, etc to the page >>>> linked above. >>> >>> >> >> Regards, Cedric M Mallia Quality Assurance Analyst Quality Assurance Unit, Office of the CIO & DCEO Malta Information Technology & Training Services Ltd. Gattard House, National Road, Blata l-Bajda, HMR 02, Malta Phone: (+356) 2599 2457 e-mail: cedric.mallia () gov mt This message may contain confidential information and is intended solely for the individual named. If you are not the intended recipient you should not disseminate, distribute or copy the contents of this e-mail. If you have received this message by mistake, please notify the sender immediately and permanently destroy both the message and its contents. The security, reliability of delivery and integrity of this e-mail transmission cannot be guaranteed as information could be modified in transit or may contain viruses. The sender, therefore, does not in any way accept any liability that may arise through this message. End of Text
Current thread:
- [tool] Webstretch - open source web toolkit Simon Shanks (Jul 16)
- Re: [tool] Webstretch - open source web toolkit Rogan Dawes (Jul 19)
- Re: [tool] Webstretch - open source web toolkit Max (Jul 19)
- Re: [tool] Webstretch - open source web toolkit Rogan Dawes (Jul 20)
- Re: [tool] Webstretch - open source web toolkit Mark W. Webb (Jul 19)
- Re: [tool] Webstretch - open source web toolkit Max (Jul 19)
- <Possible follow-ups>
- Re: [tool] Webstretch - open source web toolkit acid_lemon (Jul 21)
- Re(2): [tool] Webstretch - open source web toolkit Mallia Cedric at MITTS (Jul 22)
- Re: [tool] Webstretch - open source web toolkit Rogan Dawes (Jul 19)