[Owasp-webscarab] Did some changes on webscarab...

Brad Causey bradcausey at gmail.com
Wed Nov 4 14:55:52 EST 2009


Ditto on the patch/testing.

-Brad Causey
CISSP, MCSE, C|EH, CIFI, CGSP

http://www.owasp.org
--
Never underestimate the time, expense, and effort an opponent will expend to
break a code. (Robert Morris)
--


On Wed, Nov 4, 2009 at 1:51 PM, Matt Tesauro <mtesauro at gmail.com> wrote:

> I'm not trying to trump Rogan but I'd love to have these features added
> to the WebScarab I put on the OWASP Live CD.  I already pull and compile
> WebScarab from Rogan's Git repository when I package WebScarab for the
> Live CD.  I do this for the "Tag" column and some other
> fixes/improvements made during last year's OWASP Summit in Portugal.
> Last I checked these weren't in the official jar file.
>
> Are you willing to share a patch file?  I'd be happy to be a tester for
> the changes you've described below.
>
> -- Matt Tesauro
> OWASP Live CD Project Lead
> http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project
> http://AppSecLive.org - Community and Download site
>
> On Wed, 2009-11-04 at 20:41 +0100, Martin Holst Swende wrote:
> > Hi,
> >
> > I have fixed a few features I was missing. Those are:
> >
> > * Search-tab: I added a few out-of-the-box searches that make it easy
> > to do searches on req/response body and parameters. They are
> > default-populated when webscarab starts.
> > * Main tab: Bugfix - Filter treeview bug so it filters anything below
> > where you are, and not only shows exact matches.
> > * All: Whitelisting. Got annoyed with too much data in my sessions, so
> > I added config-option Webscarab.whitelistRegex which is a whitelist for
> > what to import into webscarab. Previously there was only a blacklist for
> > discarding images and stuff, this is for capturing only things
> > interesting for your specific target (domain). No UI-control for this
> > though - one needs to edit the properties-file.
> > * Fragments: Added a few more fragments-finders:
> >       * Fileupload (finds file upload forms)
> >       * Hidden fields (reports where hidden fields are, and what values
> > they tried to hide)
> >       * Dom-xss (locates 'dangerous' javascript which could indicate
> > dom-based xss - such as assignments like foo = document.location)
> >       * Forms. Tells if a page contains a form.
> >
> >
> > So, I figured this may be useful to other folks as well. Rogan, what
> > should I do with all this? Should I publish my git-tree somewhere for
> > you to look at?
> >
> > Regards,
> > Martin Holst Swende
> >
> > _______________________________________________
> > Owasp-webscarab mailing list
> > Owasp-webscarab at lists.owasp.org
> > https://lists.owasp.org/mailman/listinfo/owasp-webscarab
>
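
The fragment finders listed in the quoted message (forms, file upload forms, hidden fields and their values, and DOM-XSS-style assignments such as foo = document.location) can be sketched as a passive scan of a response body. This is an added example, not code from WebScarab or from the changes discussed in this thread; the regex heuristic, the names FragmentFinder and find_fragments, and the sample page are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Assumed heuristic: an assignment whose right-hand side starts with a
# location-derived DOM source, e.g. "foo = document.location".
DOM_SOURCE_ASSIGN = re.compile(
    r"([\w.$]+)\s*=\s*((?:window\.)?"
    r"(?:document\.(?:location|URL|documentURI|referrer)|location)\b[\w.]*)")

class FragmentFinder(HTMLParser):  # collects (kind, detail) findings
    def __init__(self):
        super().__init__()
        self.findings = []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            self.findings.append(("form", a.get("action", "")))
        elif tag == "input" and a.get("type", "").lower() == "hidden":
            self.findings.append(("hidden", f"{a.get('name', '')}={a.get('value', '')}"))
        elif tag == "input" and a.get("type", "").lower() == "file":
            self.findings.append(("fileupload", a.get("name", "")))
        elif tag == "script":
            self._in_script = True
    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False
    def handle_data(self, data):
        if self._in_script:  # only inspect inline JavaScript
            for m in DOM_SOURCE_ASSIGN.finditer(data):
                self.findings.append(("dom-xss", f"{m.group(1)} = {m.group(2)}"))

def find_fragments(html):
    parser = FragmentFinder()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample response body, not captured from a real site.
SAMPLE = """<form action="/profile" method="post" enctype="multipart/form-data">
<input type="hidden" name="role" value="user">
<input type="file" name="avatar"><input type="text" name="nick"></form>
<script>var target = document.location.hash;
if (target == document.location) { el.innerHTML = target; }</script>"""

if __name__ == "__main__":
    for kind, detail in find_fragments(SAMPLE):
        print(f"{kind:10} {detail}")
```

The comparison `target == document.location` is deliberately not reported; only assignments from a location-derived source are flagged, and each hit is a lead for manual review rather than a confirmed finding.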