WebScarab
   HOME

TheInfoList



Click Here for Items Related To - WebScarab
OR:
WebScarab on:   [Wikipedia]   [Google]   [Amazon]

WebScarab is a
web security Internet security is a branch of computer security. It encompasses the Internet, browser security, web site security, and network security as it applies to other applications or operating systems as a whole. Its objective is to establish rules an ...
application testing tool. It serves as a proxy that intercepts and allows people to alter
web browser A web browser, often shortened to browser, is an application for accessing websites. When a user requests a web page from a particular website, the browser retrieves its files from a web server and then displays the page on the user's scr ...
web requests (both
HTTP HTTP (Hypertext Transfer Protocol) is an application layer protocol in the Internet protocol suite model for distributed, collaborative, hypermedia information systems. HTTP is the foundation of data communication for the World Wide Web, wher ...
and
HTTPS Hypertext Transfer Protocol Secure (HTTPS) is an extension of the Hypertext Transfer Protocol (HTTP). It uses encryption for secure communication over a computer network, and is widely used on the Internet. In HTTPS, the communication protoc ...
) and
web server A web server is computer software and underlying Computer hardware, hardware that accepts requests via Hypertext Transfer Protocol, HTTP (the network protocol created to distribute web content) or its secure variant HTTPS. A user agent, co ...
replies. WebScarab also may record traffic for further review. In 2013 official development of WebScarab slowed. The project repository was archived on . The website of the project was also archived and recommends using OWASP's Zed Attack Proxy instead.


Overview

WebScarab is an
open source Open source is source code that is made freely available for possible modification and redistribution. Products include permission to use and view the source code, design documents, or content of the product. The open source model is a decentrali ...
tool developed by The Open Web Application Security Project (OWASP), and was implemented in
Java Java is one of the Greater Sunda Islands in Indonesia. It is bordered by the Indian Ocean to the south and the Java Sea (a part of Pacific Ocean) to the north. With a population of 156.9 million people (including Madura) in mid 2024, proje ...
so it could run across multiple operating systems. WebScarab is meant to act as a framework, being extensible and with most features being implemented as plugins.


Features

Some of the features provided by plugins include: * An intercepting proxy server * Executing Java commands with
BeanShell BeanShell is a small, free, embeddable Java source interpreter with object scripting language features, written in Java. It runs in the Java Runtime Environment (JRE), dynamically executes standard Java syntax and extends it with common scripting c ...
* Emulating a slower network * Acting as a
web crawler Web crawler, sometimes called a spider or spiderbot and often shortened to crawler, is an Internet bot that systematically browses the World Wide Web and that is typically operated by search engines for the purpose of Web indexing (''web spider ...
*
Fuzzing In programming and software development, fuzzing or fuzz testing is an automated software testing technique that involves providing invalid, unexpected, or random data as inputs to a computer program. The program is then monitored for exceptio ...
request parameters *
Cross-site scripting Cross-site scripting (XSS) is a type of security vulnerability that can be found in some web applications. XSS attacks enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be ...
analysis


References


External links


Official Webpage
Web development Software testing tools Computer network security Software using the GNU General Public License Free software programmed in Java (programming language) {{security-software-stub