[OWASP-Raleigh, NC] WebScarabNG question.

Enders, Hans hans.enders at hp.com
Wed Jun 3 15:18:19 EDT 2009


And don't forget Paros Proxy (MileSCAN?) for a solid, chainable, intercept proxy.  Both Burp and Paros require JRE, although I had difficulty between Paros and JRE 1.6, downgraded to JRE 1.4.  I think the JRE has to be installed beforehand or Paros just sits there, so maybe 1.6 works fine...

One "problem" with Burp is that the free version does not allow you to save the sessions for review at a later time.


"Habeas data"

-----Original Message-----
From: owasp-raleigh-bounces at lists.owasp.org [mailto:owasp-raleigh-bounces at lists.owasp.org] On Behalf Of Michael Menefee
Sent: Wednesday, June 03, 2009 3:11 PM
To: Fred Williams
Cc: owasp-raleigh at lists.owasp.org
Subject: Re: [OWASP-Raleigh, NC] WebScarabNG question.

There's actually a standalone proxy (also part of the suite) called Burp Proxy, available via the same site...



Fred Williams wrote:
> Cool - I didn't know about Burp.   I just need a proxy server.
>
>
> From: Michael Menefee [mailto:mmenefee at gmail.com]
> Sent: Wednesday, June 03, 2009 3:08 PM
> To: Steve Pinkham
> Cc: Fred Williams; owasp-raleigh at lists.owasp.org
> Subject: Re: [OWASP-Raleigh, NC] WebScarabNG question.
>
> Agreed, Burpsuite is a little more prime-time. For those interested, here's the link to Burp
>
> http://portswigger.net/suite/
>
> FYI, It's a proxy server (with many bells and whistles) useful when testing the security of your web apps
>
> Thanks, Steve.
>
> Mike
>
>
>
> Steve Pinkham wrote:
>
> Fred Williams wrote:
>
>
>
> I"ve been trying to download a copy of the new version of WebScarab NG but I can't find the download anywhere behind the link provided on the OWASP site.  Anybody have any luck?
>
>
>
> Fred
>
>
>
>
>
> As far as I know, right now you have to pull it from git and build it
>
> with maven.  This seems to be by design, as it's not really ready for
>
> prime time.
>
> I have a repo I build every once and a while to test, and then promptly
>
> go back to burp. ;-)
>
> Webscarab NG is still very bare-bones.
>
>
>
> If you really have trouble building it and can't bare not trying it
>
> right now, I can probably be persuaded to post a build, but it's really
>
> not anything special at the moment.
>
>
>
> Steve
>
>
>
> --
> Michael S. Menefee, CISSP (#43728)
> Principal Consultant, WireHead Security
> North Carolina OWASP Chapter Leader
> Phone: (919) 863-4373
> Cell: (919) 271-8883
> Fax: (919) 882-8044
> Email: mmenefee at wireheadsecurity.com<mailto:mmenefee at wireheadsecurity.com>
> Website: www.wireheadsecurity.com<http://www.wireheadsecurity.com/>
> _______________________________________________
> Owasp-raleigh mailing list
> Owasp-raleigh at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-raleigh
>   
_______________________________________________
Owasp-raleigh mailing list
Owasp-raleigh at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-raleigh


More information about the Owasp-raleigh mailing list