[OWASP-Raleigh, NC] WebScarabNG question.

Steve Pinkham steve.pinkham at gmail.com
Wed Jun 3 15:23:44 EDT 2009


Fred Williams wrote:
> Cool - I didn't know about Burp.   I just need a proxy server.
> 

If you just need a proxy, Fiddler (http://www.fiddler2.com/fiddler2/) or 
Charles (http://www.charlesproxy.com/) are pretty easy to use and have 
some nifty features.

However if you test webapps for security a lot, Burp Pro is the best 
$200 you can spend IMHO.  The free version is pretty good, but has some 
speed and saving limitations, and is missing the scanner functionality 
entirely.

Steve

> From: Michael Menefee [mailto:mmenefee at gmail.com]
> Sent: Wednesday, June 03, 2009 3:08 PM
> To: Steve Pinkham
> Cc: Fred Williams; owasp-raleigh at lists.owasp.org
> Subject: Re: [OWASP-Raleigh, NC] WebScarabNG question.
> 
> Agreed, Burpsuite is a little more prime-time. For those interested, here's the link to Burp
> 
> http://portswigger.net/suite/
> 
> FYI, It's a proxy server (with many bells and whistles) useful when testing the security of your web apps
> 
> Thanks, Steve.
> 
> Mike
> 
> 
> 
> Steve Pinkham wrote:
> 
> Fred Williams wrote:
> 
> 
> 
> I"ve been trying to download a copy of the new version of WebScarab NG but I can't find the download anywhere behind the link provided on the OWASP site.  Anybody have any luck?
> 
> 
> 
> Fred
> 
> 
> 
> 
> 
> As far as I know, right now you have to pull it from git and build it
> 
> with maven.  This seems to be by design, as it's not really ready for
> 
> prime time.
> 
> I have a repo I build every once and a while to test, and then promptly
> 
> go back to burp. ;-)
> 
> Webscarab NG is still very bare-bones.
> 
> 
> 
> If you really have trouble building it and can't bare not trying it
> 
> right now, I can probably be persuaded to post a build, but it's really
> 
> not anything special at the moment.
> 
> 
> 
> Steve
> 
> 
> 
> --
> Michael S. Menefee, CISSP (#43728)
> Principal Consultant, WireHead Security
> North Carolina OWASP Chapter Leader
> Phone: (919) 863-4373
> Cell: (919) 271-8883
> Fax: (919) 882-8044
> Email: mmenefee at wireheadsecurity.com<mailto:mmenefee at wireheadsecurity.com>
> Website: www.wireheadsecurity.com<http://www.wireheadsecurity.com/>
> _______________________________________________
> Owasp-raleigh mailing list
> Owasp-raleigh at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-raleigh


-- 
  | Steven E. Pinkham                      |
  | GPG public key ID CD31CAFB             |


More information about the Owasp-raleigh mailing list