Penetration Testing mailing list archives
FW: New WebScarab release
From: "Dawes, Rogan (ZA - Johannesburg)" <rdawes () deloitte co za>
Date: Wed, 19 Nov 2003 10:26:35 +0200
WebScarab can be downloaded from the OWASP project page at http://sourceforge.net/projects/owasp

Rogan

-----Original Message-----
From: Dawes, Rogan (ZA - Johannesburg) [mailto:rdawes () deloitte co za]
Sent: 18 November 2003 09:01 AM
To: webappsec () securityfocus com
Subject: New WebScarab release

Hi all,

This is to announce a new release of WebScarab, a Java-based HTTP proxy which can be used to intercept and modify HTTP and HTTPS requests and responses in arbitrary ways.

New features in this version:

* Completely reworked RequestPanel and ResponsePanel, providing support for nearly arbitrary content-types. Currently there are Hex, Text, HTML and SerializedObject viewers, which are invoked automatically according to the Content-Type headers. There is also support for tabular editing of message headers. Editors for application/x-www-urlencoded and multi-part forms will be coming shortly.

* The Text editor mentioned above supports "search" functionality, accessed via Ctrl-F.

* An interesting feature is the addition of BeanShell scripting functionality, which allows the operator to perform completely arbitrary processing of a request or response. This functionality is available in both the proxy intercept windows, and the "conversation view" windows.

* SessionID sampling and analysis. This is a new plugin designed to collect a large number of sessionIDs and graph them, so the operator can visually see if there are any patterns. SessionIDs are converted to a BigInteger, by means of automatic per-position character set analysis (e.g. aaa, aab, aac == 1, 2, 3 resp, since the aaa does not ever change, and consequently maps to 0)

* Intercepting many requests simultaneously should no longer result in deadlock of the GUI.

WebScarab should hopefully also be more robust, with many nullpointer exceptions hunted down and squashed.

As usual all feedback is welcome. Error reports help to improve WebScarab, while "I use it in this way" helps to guide direction, and motivate me to continue ;-) Even "WebScarab sucks because . . . " is useful information ;-)

I can usually also be reached as Gollum256 on AIM if anyone wants to chat online about WebScarab.

Rogan
--
"Using encryption on the Internet is the equivalent of arranging an armored car to deliver credit card information from someone living in a cardboard box to someone living on a park bench." - Gene Spafford
--
Deloitte & Touche Security Services Group
Tel: +27(11)806-6216
Fax: +27(11)806-5202
Cell: +27(82)784-9498
--
Important Notice: This email is subject to important restrictions, qualifications and disclaimers ("the Disclaimer") that must be accessed and read by clicking here or by copying and pasting the following address into your Internet browser's address bar: http://www.Deloitte.co.za/Disc.htm. The Disclaimer is deemed to form part of the content of this email in terms of Section 11 of the Electronic Communications and Transactions Act, 25 of 2002. If you cannot access the Disclaimer, please obtain a copy thereof from us by sending an email to ClientServiceCentre () Deloitte co za.
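One reading of the per-position character set analysis described in the SessionID item above, as an added example that is not part of the original message and is not WebScarab's code. The function names and the sample IDs are constructed, and characters are indexed from 0 here, so the message's aaa, aab, aac come out as 0, 1, 2.

```python
# Added example: map fixed-length session IDs to integers using the set of
# characters actually observed at each position (mixed-radix encoding).

def position_alphabets(ids):
    """Return, for each position, the sorted characters seen there."""
    if len({len(s) for s in ids}) != 1:
        raise ValueError("need a non-empty sample of equal-length IDs")
    return [sorted(set(column)) for column in zip(*ids)]


def to_integer(session_id, alphabets):
    """Mixed-radix value: each position's base is its alphabet size."""
    value = 0
    for ch, alphabet in zip(session_id, alphabets):
        # A position that never changes has base 1 and digit 0, so it
        # contributes nothing to the value.
        value = value * len(alphabet) + alphabet.index(ch)
    return value


def analyse(ids):
    """Summarise a sample given in collection order."""
    alphabets = position_alphabets(ids)
    values = [to_integer(s, alphabets) for s in ids]
    space = 1
    for alphabet in alphabets:
        space *= len(alphabet)
    return {
        "values": values,
        "deltas": [b - a for a, b in zip(values, values[1:])],
        "constant_positions": [i for i, a in enumerate(alphabets) if len(a) == 1],
        "observed_space": space,
    }


# Constructed sample: IDs issued by a hypothetical application under test.
SAMPLE = ["SESS-00AE", "SESS-00AF", "SESS-00B0", "SESS-00B1"]

if __name__ == "__main__":
    report = analyse(SAMPLE)
    print(report["values"], report["deltas"])
    print("constant positions:", report["constant_positions"])
    print("observed value space:", report["observed_space"])
```

Constant deltas and a small observed value space, as in this sample, are the kind of pattern the graph is meant to expose; output from a sound random generator scatters across a large space with no regular step.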