New release of WebScarab

[Rogan Dawes <discard () dawes za net>]

(Please note my obfuscated reply-to address, if you reply to me directly)

Hi folks,

A short announcement to let you all know that there is a new version of
WebScarab available on SourceForge.

<https://sourceforge.net/project/showfiles.php?group_id=64424&package_id=61823&release_id=292605>

There have been a lot of changes under the covers from the last version
released on SF. Most importantly, I have squashed a number of bugs, but
there are also a number of new features, or reworking of old features.

For example:

WebScarab uses the concept of Sessions to manage the conversations that
it sees, and the data generated by the various plugins. Previously, it
may have been possible to use WebScarab without creating a session. In
those circumstances, much of WebScarab still worked, but features such
as reviewing the details of a particular conversation did not. WebScarab
now creates a temporary directory, which it uses as a session directory
if no session is explicitly created or opened. This temporary directory
is deleted when WebScarab exits, so there should be no "droppings" left
behind. ;-)

The internals of WebScarab have been reworked to support multiple
backends. For example, to get WebScarab to save its data into a database
is as simple as implementing the various *Store interfaces. Anyone
interested in this should have a look at the various FileSystemStore
classes that already exist. This could do with some better
documentation, though.

WebScarab has been made more "operator-friendly". It tries to remember
where various UI elements were placed and sized on previous runs, and
reuses those parameters. This should hopefully be the beginning of the
end of resizing and selecting various tabs when intercepting
conversations, for example. This is incomplete, and will hopefully
improve further in future releases.

There are a couple of new content editors defined, most notably a
Multi-Part editor, that allows for visualisation and manipulation of
Multi-part messages (i.e. forms that include file upload fields).

The Hex editor now also supports saving of the editor content (Ctrl-S)
to a file, and, if it is editable, loading an arbitrary file (Ctrl-L) to
replace the previous content.

The BeanShell "view" in the Conversation frames has gone. I've never
used it, so I figured others were probably also not using it! ;-) Let me
know if this is a problem. The main reason is that the BeanShell
JConsole was leaking memory, and threads as well, and I couldn't work
out how to stop that.

The SessionID analysis plugin has been enhanced. It is now not necessary
to name the cookie in order to extract it for analysis. All cookies that
are seen in the response are extracted, analysed and graphed.

There is now a "Fragments" plugin, which shows unique script and comment
fragments that were observed in the response bodies. It is also possible
to see any scripts and comments for specific conversations or URL's, by
right-clicking on the tree or table, and selecting the appropriate menu
option.

There is probably a lot of other new functionality that I can't remember
right now. For more details, have a look at the ChangeLog attached to
the file release at sourceforge.

<https://sourceforge.net/project/shownotes.php?release_id=292605>

Please let me know what you think, or if you have any problems with this
 release.

Regards,

Rogan
--
Rogan Dawes

*ALL* messages to discard () dawes za net will be dropped, and added
to my blacklist. Please respond to "lists AT dawes DOT za DOT net"