Subject: WAS Executor
Hi folks,

An initial stab at the WAS Executor is available as part of WebScarab, and can be downloaded from http://home.intekom.co.za/rdawes/WebScarab.jar

You will need to have certain libraries from the Jakarta commons, such as the digester, logging, etc.

It does not have an entry point via the GUI, yet. You can run the WASExecutor using a command similar to the following:

    java -cp webscarab.jar org.owasp.webscarab.plugin.was.WASExecutor http://www.target:port/path/file.html test.xml

At this point, it is quite rough and ready. I have had problems with the default parser in JRE/JDK 1.4+, and had to hardcode the path to the DTD in the xml file. Hopefully we can sort that out before too long.

ToDo:

Care about encodings. I have completely ignored the encoding attributes at this point.

Handle request bodies. Currently it only handles GET requests, and does not try to build parameter lists.

It should be roughly equivalent to a whisker or nikto scan for existence of URLs.

The source code is in CVS on sourceforge under webscarab, as well as being included in the WebScarab.jar file, so it should be relatively easy for you to play with it and modify it if desired.

Please let me know if you have trouble getting it to work.

Rogan

--
"Using encryption on the Internet is the equivalent of arranging an armored car to deliver credit card information from someone living in a cardboard box to someone living on a park bench." - Gene Spafford

--
Deloitte & Touche Security Services Group
Tel: +27(11)806-6216
Fax: +27(11)806-5202
Cell: +27(82)784-9498