[Owasp-webscarab] webscarab as a debugger

Rogan Dawes rogan at dawes.za.net
Wed Nov 25 00:17:26 EST 2009


Geoff Sanders wrote:

> WebScarab is an intercepting proxy. This is different in that the full
> request is stopped at will before reaching the browser (or server) for
> execution. You can't really stop a specific function unless you edit
> that function during the intercept. A bit more of a 'ham handed'
> approach for trying to alter JS within the browser IMHO (especially in
> the case of Ajax applications).

As Geoff suggests, WebScarab is really only useful when you are
intercepting the requests/responses in flight. It cannot influence or
interact with the browser in any way, other than by modifying the
content of those requests and responses.

So, what you COULD do, in theory, is to insert e.g. alert statements at
interesting points by modifying the response using a BeanShell script,
but it is probably not the most effective approach.

Regards,

Rogan
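
The response rewrite described above, as an added example that is not part of the original post and does not use WebScarab's BeanShell API: a standalone JavaScript function that inserts an alert call at the entry of named functions in a script body and corrects Content-Length afterwards. The names instrumentBody, rewriteResponse and the sample response are constructed for illustration.

```javascript
// Added example: the body transformation an intercepting-proxy script would apply.
// All names and the sample response below are hypothetical / constructed.

function escapeRe(s) {
  return s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
}

// Insert `hook("enter <name>");` right after the opening brace of each named function.
// Handles `function name(...) {` and `name = function(...) {` / `name: function(...) {`.
// Limitation: parameter lists containing ")" (e.g. default values with calls) are skipped.
function instrumentBody(source, names, hook = 'alert') {
  let out = source;
  for (const name of names) {
    const n = escapeRe(name);
    const marker = `${hook}("enter ${name}");`;
    // The negative lookahead makes the rewrite idempotent on repeated intercepts.
    const re = new RegExp(
      `((?:\\bfunction\\s+${n}|\\b${n}\\s*[=:]\\s*function)\\s*\\([^)]*\\)\\s*\\{)` +
      `(?!\\s*${escapeRe(marker)})`, 'g');
    out = out.replace(re, (match, head) => `${head} ${marker}`);
  }
  return out;
}

// Rewrite only script responses, and fix Content-Length so the browser
// does not truncate the now longer body.
function rewriteResponse(resp, names) {
  const type = (resp.headers['content-type'] || '').toLowerCase();
  if (!/javascript|ecmascript/.test(type)) return resp;
  const body = instrumentBody(resp.body, names);
  const headers = { ...resp.headers };
  if ('content-length' in headers) {
    headers['content-length'] = String(new TextEncoder().encode(body).length);
  }
  return { headers, body };
}

// Constructed sample response (not captured traffic).
const sampleBody =
  'function save(a) { send(a); }\n' +
  'ui.refresh = function () { draw(); };\n' +
  'function saveAll() {}\n';
const sample = {
  headers: { 'content-type': 'application/javascript',
             'content-length': String(sampleBody.length) },
  body: sampleBody,
};
```

A compressed or chunked body would have to be decoded before this rewrite and the corresponding headers adjusted; the sketch assumes a plain, identity-encoded body.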

