[OWASP-WEBSCARAB] Some webscarab-ng testing

xxradar xxradar at radarhack.com
Tue Jun 27 08:04:04 EDT 2006 

Hi Rogan,
First of all nice work, the first impression of the look and feel is great.
Secondly, congratulations with 35th ranking.


I more or less experience the same issues as already mentioned about the
data store logging, the new window and Proxy entry in the menu.

A thing that came up is when I launch WSNG, every request is intercepted by
default.  I turned the Toggle Proxy Control Bar and turned on/of the
checkbox, it operated normal apparently. When I closed the WSNG, the toolbar
did not disappear and is not linked to the interface (it like borderless
pane that is lost :-).

Hope the info is useful, and once again, nice work !!
(I never even tried Paros :-;)




-----Original Message-----
From: owasp-webscarab-bounces at lists.sourceforge.net
[mailto:owasp-webscarab-bounces at lists.sourceforge.net] On Behalf Of Rogan
Dawes
Sent: Tuesday, June 27, 2006 12:41 PM
To: Javier Fernandez-Sanguino
Cc: OWASP WebScarab
Subject: Re: [OWASP-WEBSCARAB] Some webscarab-ng testing

Javier Fernandez-Sanguino wrote:
> Hi there Rogan,
> 
> I downloaded both the ng-libs.tar.gz and the jar for the NG version of 
> Webscarab from your site. Unfortunately, even if the GUI starts up, no 
> proxy listeners are started and no indication is given as to why it 
> doesn't work.

Ok, not sure about that. Please try it with the new startup batch file 
(see below), and let me know if you are still seeing the same problem.

> 
> If I go to Plugin->Proxy listener, an error will popup saying 
> "org/springframework/richclient/from/AbstractTableMasterForm" and that's 
> it, see the attached file.

Please get an updated batch file from

<http://dawes.za.net/rogan/webscarab/webscarab-ng.bat>

I simply did not add the necessary library to the classpath (although is 
IS in the libs tarball that you downloaded)

> 
> Also some other issues:
> 
> - on startup you can select a Database, a dialog shows up with a 
> username ('sa') and password. A new user will not know what do here (you 
> just have to press "Ok" I guess)

Right. I plan to improve this eventually. For the moment, you may want 
to change the directory from C:\Temp\ . . .

The idea is that if you want to use something more robust than the 
Hsqldb provided, you can connect to your "enterprise-class" db for 
long-term storage. WS-NG will also support multiple sessions in a single DB.

So, this simple prompt will eventually be extended to have 3 options, 
probably in a wizard format, selected via a radio button:

1. Use built-in DB engine, and a temporary DB. All you will see is the 
description, and a Finish Button.

2. Use the built-in DB engine, and an existing DB. You will see a 
Directory fields, and a "Browse" button to select one graphically. If 
the dir is empty, a new DB will be created there, and you will be 
prompted to name your session. If a DB already exists, you will be 
prompted to select a previous session, or create a new one. Once you do 
that, the Finish button will be enabled.

3. Use your own DB engine. You will be prompted to enter the information 
as seen in the current prompt. As for option 2, if there are already 
session defined, you will be prompted to choose one, or create a new one.

> 
> - if you startup a new window and select "Exit" you will exit from 
> Webscarab. There is no "Close this window" in any of the menus (you have 
> to close it manually from the Close widget).

It's not difficult to add a Close Window command. I think it would make 
sense for it to be under the Window menu, since you created a new Window 
from that same menu.

"Exit" has pretty well-defined semantics, I think.

> 
> - I get a lot of errors when running this through the shell, a sample is 
> attached

Right, it does a lot of verbose logging. They are not actually errors as 
such, note the "INFO" tag for most of them. They mostly refer to not 
being able to find resources/localised texts for a number of 
forms/buttons/commands. e.g. I have not created little icons for all of 
the menu items . . .

Note that the exception screenshot that you sent me DID have a localised 
"Close"/"Ok" button showing, which is something that the Spring Rich 
Client framework does automatically (although one needs to provide the 
necessary translations, obviously).

> The out of memory information is bound to be very useful. I had many 
> issues with Webscarab running Oom and losing all the unsaved session 
> files because of it :-)

Yes, that is something that was a problem. I'm sure that we'll still 
find that we have memory leaks in the current version, but hopefully not 
as bad.

> 
> Regards
> 
> Javier

Thanks a lot for the feedback.

Rogan


Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job
easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
Owasp-webscarab mailing list
Owasp-webscarab at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/owasp-webscarab

-- 
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.1.394 / Virus Database: 268.9.5/376 - Release Date: 6/26/2006
 

-- 
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.1.394 / Virus Database: 268.9.5/376 - Release Date: 6/26/2006

More information about the Owasp-webscarab mailing list