[Owasp-webscarab] Regarding new changes
Martin Holst Swende
martin at swende.se
Thu Nov 5 06:17:14 EST 2009
Regarding the changes that are now updated into head;

The whitelist filter has no UI. I did not add that, since it involved
messing with auto-generated template-files and I am no swing-hacker. It
would be good if "discard conversations" was called "white and blacklist
filters" or something, and if the user there could both make changes to,
as well as enable and disable, whitelist and blacklist individually. As it
is now, it is not really user-friendly - editing a properties-file :)

Some other ideas that I have thought about that would be nice-to-have:
* Fragments: Unusual server header directives.
* Fragments-comments: Should look at JavaScript comments also
* Fragments: look for stack traces
* Fragments: double-clicking on a row in the bottom pane does not show
the conversation. Perhaps a bug I introduced?
* It would be nice to enable listening on more than one port. By doing
that, it would be possible to run scenarios with e.g. two users on two
browsers (FF and IE) going to separate ports, and then maybe
auto-tagging the conversations so it is easier to separate the two
streams of events when analysing the data. Rogan: do you think that
would be problematic from a synchronization point of view? E.g. do you
think there will be problems with parallel incoming requests?
* I like the tagging, but it would be nice to tag multiple dialogs at
the same time.
* When the xss-checker does its checks, the failed dialogs never enter
the main model. Rogan - is that by design? I would like them to be
there, not least for forensics reasons.
If anyone wants to implement any of this, please yell so I don't waste
time on it :)
/Martin Holst Swende