[Owasp-webscarab] Did some changes on webscarab...
bradcausey at gmail.com
Wed Nov 4 14:55:52 EST 2009
Ditto on the patch/testing.
CISSP, MCSE, C|EH, CIFI, CGSP
Never underestimate the time, expense, and effort an opponent will expend to
break a code. (Robert Morris)
On Wed, Nov 4, 2009 at 1:51 PM, Matt Tesauro <mtesauro at gmail.com> wrote:
> I'm not trying to trump Rogan but I'd love to have these features added
> to the WebScarab I put on the OWASP Live CD. I already pull and compile
> WebScarab from Rogan's Git repository when I package WebScarab for the
> Live CD. I do this for the "Tag" column and some other
> fixes/improvements made during last year's OWASP Summit in Portugal.
> Last I checked these weren't in the official jar file.
> Are you willing to share a patch file? I'd be happy to be a tester for
> the changes you've described below.
> -- Matt Tesauro
> OWASP Live CD Project Lead
> http://AppSecLive.org - Community and Download site
> On Wed, 2009-11-04 at 20:41 +0100, Martin Holst Swende wrote:
> > Hi,
> > I have fixed a few features I was missing. Those are:
> > * Search-tab: I added a few out-of-the-box searches that make it easy
> > to search on req/response body and parameters. They are
> > default-populated when webscarab starts.
> > * Main tab: Bugfix - Filter treeview bug so it filters anything below
> > where you are, and not only shows exact matches.
> > * All : Whitelisting. Got annoyed with too much data in my sessions, so
> > I added config-option Webscarab.whitelistRegex which is a whitelist for
> > what to import into webscarab. Previously there was only a blacklist for
> > discarding images and stuff, this is for capturing only things
> > interesting for your specific target (domain). No UI-control for this
> > though - one needs to edit the properties-file.
> > * Fragments : Added a few more fragments-finders:
> > * Fileupload (finds file upload forms)
> > * Hidden fields (reports where hidden fields are, and what values
> > tried to hide)
> > dom-based xss - such as assignments like foo = document.location)
> > * Forms. Tells if a page contains a form.
> > So, I figured this may be useful to other folks as well. Rogan, what
> > should I do with all this? Should I publish my git-tree somewhere for
> > you to look at?
> > Regards,
> > Martin Holst Swende
> > _______________________________________________
> > Owasp-webscarab mailing list
> > Owasp-webscarab at lists.owasp.org
> > https://lists.owasp.org/mailman/listinfo/owasp-webscarab
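The fragment finders listed in Martin's message (forms, file upload, hidden fields, DOM-based XSS assignments such as `foo = document.location`) can be sketched as a passive check over a captured response body. This is an added example, not WebScarab's code or Martin's patch; `FragmentFinder`, `find_fragments` and `DOM_SOURCE` are hypothetical names, the sample body is constructed, and the pattern goes beyond the post by also matching a few other commonly cited DOM sources.

```python
import re
from html.parser import HTMLParser

# Constructed sample response body (not taken from WebScarab or the thread).
SAMPLE_BODY = """<html><body>
<form action="/profile" method="post" enctype="multipart/form-data">
  <input type="hidden" name="role" value="user">
  <input type="file" name="avatar">
</form>
<script>var foo = document.location; render(foo);</script>
</body></html>"""

# Assumption: textual heuristic for assignments like "foo = document.location".
# The lookbehind skips ==, != and <=; hits are candidates for manual review.
DOM_SOURCE = re.compile(
    r"(?<![=!<>])=\s*((?:window\.)?(?:document\.(?:location|URL|referrer)"
    r"|location\.(?:hash|search|href)))\b")

class FragmentFinder(HTMLParser):
    """Collects the fragment types named in the post from one response body."""
    def __init__(self):
        super().__init__()
        self.found = {"forms": 0, "file_upload": [], "hidden": [], "dom_sources": []}
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            self.found["forms"] += 1
        elif tag == "script":
            self._in_script = True
        elif tag == "input" and a.get("type", "").lower() == "file":
            self.found["file_upload"].append(a.get("name", ""))
        elif tag == "input" and a.get("type", "").lower() == "hidden":
            # Keep the value: the server must not trust it when it comes back.
            self.found["hidden"].append((a.get("name", ""), a.get("value", "")))

    def handle_endtag(self, tag):
        self._in_script = self._in_script and tag != "script"

    def handle_data(self, data):
        if self._in_script:
            self.found["dom_sources"] += DOM_SOURCE.findall(data)

def find_fragments(body):
    finder = FragmentFinder()
    finder.feed(body)
    finder.close()
    return finder.found
```

Only text inside `<script>` elements is scanned for DOM sources, so prose that merely mentions `document.location` is not flagged.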