[Owasp-italy] Fwd: Request for beta-testers: WebScarab

Matteo Meucci matteo.meucci at gmail.com
Mon Jan 23 10:15:01 EST 2006

---------- Forwarded message ----------
From: Rogan Dawes <discard at dawes.za.net>
Date: Jan 23, 2006 2:56 PM
Subject: Request for beta-testers: WebScarab
To: OWASP WebScarab <owasp-webscarab at lists.sourceforge.net>,
webappsec at securityfocus.com

Hi folks

There is a test-release version of WebScarab available on my personal
web site.


Interesting new features in this version are:

* Comprehensive support for authentication, both Proxy and WWW,
including Basic Auth, NTLM, and Negotiate (not Kerberos, though)
* Revised client certificate management, supporting multiple client
certificates, and easy selection of which certificate to use.
* A new plugin contributed by Meder Kydyraliev, which enables WebScarab
to check if any of the retrieved pages exist with a backup extension
such as .bak, ~, etc, and if any folders exist as zipped, arjed, tarred,
etc archives, which may enable the tester to download the entire site.
* WebScarab is distributed using a new packaging technique, replacing
the "-selfcontained" distribution with a "one-jar" version that can
simply be run by double-clicking. It is a better solution that avoids
some of the resource conflicts generated by ProGuard that users have
reported in the past.

At this point, this is not intended to be an official release. I am
making this announcement to solicit testers for feedback on the new

Depending on the feedback received, I will make a formal release through
sourceforge in a few days time.

On a slightly different note, the CVS repository at SourceForge will
become more and more outdated. I have moved to a git source control
repository which can be browsed at http://dawes.za.net/gitweb.cgi, or
cloned from http://dawes.za.net/webscarab.git/

Feedback welcome, but please unobfuscate my email address before
replying. It is lists AT dawes.za.net.



More information about the Owasp-italy mailing list