WebApp Sec mailing list archives
New release of WebScarab
From: Rogan Dawes <discard () dawes za net>
Date: Mon, 27 Dec 2004 15:42:35 +0100
(Please note my obfuscated reply-to address, if you reply to me directly)

Hi folks,

A short announcement to let you all know that there is a new version of WebScarab available on SourceForge.

<https://sourceforge.net/project/showfiles.php?group_id=64424&package_id=61823&release_id=292605>

There have been a lot of changes under the covers from the last version released on SF. Most importantly, I have squashed a number of bugs, but there are also a number of new features, or reworking of old features. For example:

WebScarab uses the concept of Sessions to manage the conversations that it sees, and the data generated by the various plugins. Previously, it may have been possible to use WebScarab without creating a session. In those circumstances, much of WebScarab still worked, but features such as reviewing the details of a particular conversation did not. WebScarab now creates a temporary directory, which it uses as a session directory if no session is explicitly created or opened. This temporary directory is deleted when WebScarab exits, so there should be no "droppings" left behind. ;-)

The internals of WebScarab have been reworked to support multiple backends. For example, to get WebScarab to save its data into a database is as simple as implementing the various *Store interfaces. Anyone interested in this should have a look at the various FileSystemStore classes that already exist. This could do with some better documentation, though.

WebScarab has been made more "operator-friendly". It tries to remember where various UI elements were placed and sized on previous runs, and reuses those parameters. This should hopefully be the beginning of the end of resizing and selecting various tabs when intercepting conversations, for example. This is incomplete, and will hopefully improve further in future releases.

There are a couple of new content editors defined, most notably a Multi-Part editor, that allows for visualisation and manipulation of Multi-part messages (i.e. forms that include file upload fields). The Hex editor now also supports saving of the editor content (Ctrl-S) to a file, and, if it is editable, loading an arbitrary file (Ctrl-L) to replace the previous content.

The BeanShell "view" in the Conversation frames has gone. I've never used it, so I figured others were probably also not using it! ;-) Let me know if this is a problem. The main reason is that the BeanShell JConsole was leaking memory, and threads as well, and I couldn't work out how to stop that.

The SessionID analysis plugin has been enhanced. It is now not necessary to name the cookie in order to extract it for analysis. All cookies that are seen in the response are extracted, analysed and graphed.

There is now a "Fragments" plugin, which shows unique script and comment fragments that were observed in the response bodies. It is also possible to see any scripts and comments for specific conversations or URL's, by right-clicking on the tree or table, and selecting the appropriate menu option.

There is probably a lot of other new functionality that I can't remember right now. For more details, have a look at the ChangeLog attached to the file release at sourceforge.

<https://sourceforge.net/project/shownotes.php?release_id=292605>

Please let me know what you think, or if you have any problems with this release.

Regards,

Rogan

--
Rogan Dawes
*ALL* messages to discard () dawes za net will be dropped, and added to my blacklist. Please respond to "lists AT dawes DOT za DOT net"