[OWASP-WEBSCARAB] WebScarab / TimeStamp
discard at dawes.za.net
Mon Mar 7 12:43:36 EST 2005
Breitbach, Thomas wrote:
> Hi folks, hi Rogan,
> I am actually using the newest version of scarab for some security checks.
> One of these checks on the portal is to test the session timeout mechanism.
> For this it would be nice to have a time stamp in the summary window as
> well as the single conversation window.
> Of course this time stamp must be based on client- (that means scarab)
> What do you all think about a time stamp?
> Rogan: Is it possible to include this in an upcoming version?
Well, of course, there is nothing preventing you from doing this.
Probably the easiest way would be to timestamp it when the conversation
is added to the Framework, as a simple property of the conversation.
ConversationID id = _model.addConversation(request, response, origin);
Then, in the SummaryPanel, create a new ColumnDataModel that uses this
property to provide its values.
It would probably only be about 30-40 lines of code, if you are
interested in implementing it.
Places to look:
org.owasp.webscarab.plugin.Framework (central place for conversations to
be added to the model - implement the two lines given above in
org.owasp.webscarab.ui.swing.SummaryPanel - create a subclass of
org.owasp.webscarab.util.swing.ColumnDataModel to show the Date. get the
conversationProperty from the model, convert it from a String to a Long
to a long to a Date ;-).
Optionally provide a Date renderer to format the date in a pretty format
You should simply be able to copy one of the existing subclasses of
ColumnDataModel existing in SummaryPanel.
Good luck. Let me know if you have any questions.
P.S. if this is too complicated for you, I will probably implement this
in a future version anyway, but I'd appreciate your contribution.
P.P.S. There are three ways of getting the source for WebScarab.
1. Download the installer.
2. Download the src.zip.
3. Check it out from the CVS tree.
*ALL* messages to discard at dawes.za.net will be dropped, and added
to my blacklist. Please respond to "lists AT dawes DOT za DOT net"
More information about the Owasp-webscarab