WebApp Sec mailing list archives

Re(2): [tool] Webstretch - open source web toolkit


From: "Mallia Cedric at MITTS" <cedric.mallia () gov mt>
Date: 22 Jul 2004 07:40:00 +0100

I find Burp proxy from PortSwigger does all this already.

acid_lemon () hotmail com  (21/07/2004  09:16):
In-Reply-To: <40FBE120.2050702 () dolphtech com>

I prefer WebScarab, still in beta version. Paros was my first choice, but
doesn't support Authenticated Proxies. Although it works with basic-auth
proxies, but non-SSL connections.
>
>One good point with Paros is that it can check some XSS and SQL Injection
>(with a lot of false positives, of course) and look for old files or source
>files in your application.
>
>AC
>>
>>I have not looked at your program yet, but take a look at Paros.
>>(http://www.proofsecure.com/index.shtml)
>>
>>What are the current plans for SSL support?

Rogan Dawes wrote:
>>
>>> Hi Simon, and others.
>>>
>>> Just thought that I'd point out that WebScarab does all of the
>>> below-mentioned things, and a LOT more besides. It is also Java, part
>>> of the OWASP project, etc, etc.
>>>
>>> Rather than duplicating effort, it seems to me that it makes sense to
>>> combine efforts to create a single best-of-breed tool.
>>>
>>> All contributions to WebScarab are most welcome. Right now, WebScarab
>>> is going through a re-architecture phase, but the latest version on
>>> sourceforge is quite stable (I think - at least, I've received no bug
>>> reports).
>>>
>>> Please try it, and let me know if there is something missing that you
>>> need.
>>> https://sourceforge.net/project/showfiles.php?group_id=64424&package_id=61823
>>>
>>> Regards,
>>>
>>> Rogan Dawes

Simon Shanks wrote:
>>>
>>>> Tool available at ...
>>>>
>>>> http://sourceforge.net/projects/webstretch
>>>> (written in Java)
>>>>
>>>> Enables a user to view & alter all aspects of http communication with a
>>>> web site via a proxy. Primarily used for security based penetration
>>>> testing of web sites, it can also be used for debugging during
>>>> development. Basically, its main feature is that it allows you to
>>>> access the web, and shows you the information it's about to pass to the
>>>> web server, so that you can view & alter any info (all while still in
>>>> your browser)
>>>>
>>>> New features appearing all the time. e.g.
>>>>
>>>> * request alteration
>>>> * request viewing
>>>> * html comment detection
>>>> * browser impersonation
>>>> * hidden area detection
>>>> * proxy chaining
>>>>
>>>> Please add any problems, feature requests, comments, etc to the page
>>>> linked above.

Regards,

Cedric M Mallia
Quality Assurance Analyst
Quality Assurance Unit, Office of the CIO & DCEO

Malta Information Technology & Training Services Ltd.
Gattard House, National Road, Blata l-Bajda, HMR 02, Malta

Phone: (+356) 2599 2457
e-mail:       cedric.mallia () gov mt

This message may contain confidential information and is intended solely for
the individual named. If you are not the intended recipient you should not
disseminate, distribute or copy the contents of this e-mail. If you have
received this message by mistake, please notify the sender immediately and
permanently destroy both the message and its contents. The security,
reliability of delivery and integrity of this e-mail transmission cannot be
guaranteed as information could be modified in transit or may contain viruses.
The sender, therefore, does not in any way accept any liability that may arise
through this message.

End of Text


