WebApp Sec mailing list archives

Re: [tool] Webstretch - open source web toolkit


From: Max <reply.to.newsgroup () mozilla org>
Date: Mon, 19 Jul 2004 14:26:21 +0200

Yabut...

WebScarab is unstable. It often freezes on my machine.

Webstretch does not seem to intercept both way communication (from what I tried an hour or so ago); it does not allow you to modify responses... and that's a must.

Personally, I do a lot of App Pen tests and highly prefer Paros. It's stable like a rock, very easy to use, great for mapping a web site hierarchy and even has a nice scanner.

Cheers,

--
M@x


Rogan Dawes wrote:
Hi Simon, and others.

Just thought that I'd point out that WebScarab does all of the below-mentioned things, and a LOT more besides. It is also Java, part of the OWASP project, etc, etc.

Rather than duplicating effort, it seems to me that it makes sense to combine efforts to create a single best-of-breed tool.

All contributions to WebScarab are most welcome. Right now, WebScarab is going through a re-architecture phase, but the latest version on SourceForge is quite stable (I think - at least, I've received no bug reports).

Please try it, and let me know if there is something missing that you need.

https://sourceforge.net/project/showfiles.php?group_id=64424&package_id=61823

Regards,

Rogan Dawes

Simon Shanks wrote:


Tool available at ...

http://sourceforge.net/projects/webstretch
(written in Java)

Enables a user to view & alter all aspects of HTTP communication with a
web site via a proxy. Primarily used for security-based penetration
testing of web sites, it can also be used for debugging during
development. Basically, its main feature is that it allows you to
access the web, and shows you the information it's about to pass to the
web server, so that you can view & alter any info (all while still in
your browser)

New features appearing all the time. e.g.

* request alteration
* request viewing
* html comment detection
* browser impersonation
* hidden area detection
* proxy chaining

Please add any problems, feature requests, comments, etc to the page
linked above.

