[Owasp-webscarab] Re: BeanShell Example
discard at dawes.za.net
Tue Aug 17 04:51:42 EDT 2004
Laurent Hausermann wrote:
> Many thanks Rogan for such a detailed email!
> I understand now well the design and the philosophy for WebScarab. In
> fact, I played with modifying the header,
> and combined with "Intercept Request" I could do it "on the fly"...
> really cool stuff.
> I have also looked at the source code, and I realized that the code for
> "getParameters" and "setParameters" was commented out... and I wanted to
> make a script that rebuilds parameters with some random number (in order
> to test the cgi handling the request).
> Like this :
> import java.util.Random;
> random_gen = new Random();
> int random_num = random_gen.nextInt( 10 );
> request.addParameter("my_id", random_num);
> Have you got a way to manipulate the POST parameters like this with a
> Bean Shell script ?
Well, the get and setParameters code was commented out, because it was
making assumptions about the request that were potentially invalid. e.g.
if we have a multi-part POST, the parameters are constructed in a
The correct way to do it would be to build up your POST body yourself as
a String, or StringBuffer, and apply it using
> Moreover, I would add some feature requests:
> o It would be great to have a basic script loading/unloading feature.
> The minimum should be to load scripts from a file and to have a history
> window where
> you could rerun them. Some shortcuts on scripts would be great also.
It is intended, certainly, but I have not got around to implementing
that. If you are interested in contributing to WebScarab, maybe that is
where you could start?
> o Is there any way to have interaction with WebScarab user like a
> Popup window to ask for script parameters ?
Yes, you can do anything that you can in Java, using beanscript. Just be
careful to do things in the appropriate threads, because GUI stuff must
run in the Swing event dispatching thread. Check how the ManualEdit
plugin works for details/ideas.
> o Is there any "output" console, currently if you do a
> "System.out.println", your output is on the application console. An
> output window could be great.
I'm not currently sure how to set the output stream. In fact, I'm not
sure where to send it to. Maybe a window in the panel where you enter
the script? What do you think?
> I appreciate the "open" way you are designing and developing WebScarab,
> go on !
I intend to! ;-) Thanks for the encouragement!
*ALL* messages to discard at dawes.za.net will be dropped, and added
to my blacklist. Please respond to "lists AT dawes DOT za DOT net"
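The approach suggested in the reply, building the POST body yourself as a String, is sketched below as an added example; it is not code from the original message or from WebScarab. The class name, the helper `encode` and the sample parameters are assumptions, and the call that applies the body to the WebScarab request is not named in the message, so it is left out here.

```java
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Random;

// Hypothetical helper class: builds an application/x-www-form-urlencoded body by hand.
public class FormBodyBuilder {

    /** Encode name/value pairs in insertion order, escaping '&', '=' and spaces. */
    static String encode(Map<String, String> params) throws UnsupportedEncodingException {
        StringBuilder body = new StringBuilder();
        for (Map.Entry<String, String> e : params.entrySet()) {
            if (body.length() > 0) {
                body.append('&');
            }
            body.append(URLEncoder.encode(e.getKey(), "UTF-8"))
                .append('=')
                .append(URLEncoder.encode(e.getValue(), "UTF-8"));
        }
        return body.toString();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample parameters; "my_id" is the name used in the question.
        Map<String, String> params = new LinkedHashMap<>();
        params.put("action", "view item");  // the space is encoded as '+'
        params.put("note", "a&b=c");         // '&' and '=' are percent-encoded
        params.put("my_id", Integer.toString(new Random().nextInt(10)));

        String body = encode(params);
        byte[] content = body.getBytes("US-ASCII"); // the encoded body is pure ASCII

        // The headers and the body have to change together: a stale
        // Content-Length truncates the body or leaves the server waiting
        // for bytes that never arrive.
        System.out.println("Content-Type: application/x-www-form-urlencoded");
        System.out.println("Content-Length: " + content.length);
        System.out.println();
        System.out.println(body);
    }
}
```

This covers URL-encoded forms only; a multi-part POST, the case the reply mentions, needs its own boundary-delimited body.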