WebApp Sec mailing list archives
Re: [tool] Webstretch - open source web toolkit
From: <acid_lemon () hotmail com>
Date: 21 Jul 2004 08:16:48 -0000
In-Reply-To: <40FBE120.2050702 () dolphtech com>

I prefer WebScarab, still in beta version. Paros was my first choice, but doesn't support Authenticated Proxies. Although it works with basic-auth proxies, but non-SSL connections.

One good point with Paros is that it can check some XSS and SQL Injection (with a lot of false positives, of course) and look for old files or source files in your application.

AC

I have not looked at your program yet, but take a look at Paros. (http://www.proofsecure.com/index.shtml)

What are the current plans for SSL support?

Rogan Dawes wrote:

Hi Simon, and others.

Just thought that I'd point out that WebScarab does all of the below-mentioned things, and a LOT more besides. It is also Java, part of the OWASP project, etc, etc.

Rather than duplicating effort, it seems to me that it makes sense to combine efforts to create a single best-of-breed tool. All contributions to WebScarab are most welcome.

Right now, WebScarab is going through a re-architecture phase, but the latest version on sourceforge is quite stable (I think - at least, I've received no bug reports). Please try it, and let me know if there is something missing that you need.

https://sourceforge.net/project/showfiles.php?group_id=64424&package_id=61823

Regards,
Rogan Dawes

Simon Shanks wrote:

Tool available at ... http://sourceforge.net/projects/webstretch (written in Java)

Enables a user to view & alter all aspects of http communication with a web site via a proxy. Primarily used for security based penetration testing of web sites, it can also be used for debugging during development.

Basically, its main feature is that it allows you to access the web, and shows you the information it's about to pass to the web server, so that you can view & alter any info (all while still in your browser)

New features appearing all the time. e.g.
* request alteration
* request viewing
* html comment detection
* browser impersonation
* hidden area detection
* proxy chaining

Please add any problems, feature requests, comments, etc to the page linked above.