OASIS Mailing List Archives

 



was message



Subject: WAS Executor


Hi folks,

An initial stab at the WAS Executor is available as part of WebScarab, and
can be downloaded from http://home.intekom.co.za/rdawes/WebScarab.jar

You will need to have certain libraries from the Jakarta commons, such as
the digester, logging, etc.

It does not have an entry point via the GUI, yet.

You can run the WASExecutor using a command similar to the following:

java -cp webscarab.jar org.owasp.webscarab.plugin.was.WASExecutor http://www.target:port/path/file.html test.xml

At this point, it is quite rough and ready. I have had problems with the
default parser in JRE/JDK 1.4+, and had to hardcode the path to the DTD in
the xml file. Hopefully we can sort that out before too long.

ToDo:

- Care about encodings. I have completely ignored the encoding attributes at
  this point.
- Handle request bodies. Currently it only handles GET requests, and does not
  try to build parameter lists.

It should be roughly equivalent to a whisker or nikto scan for existence of
URLs.

The source code is in CVS on sourceforge under webscarab, as well as being
included in the WebScarab.jar file, so it should be relatively easy for you
to play with it and modify it if desired.

Please let me know if you have trouble getting it to work.

Rogan
-- 
"Using encryption on the Internet is the equivalent of arranging an 
armored car to deliver credit card information from someone living 
in a cardboard box to someone living on a park bench."
  - Gene Spafford
-- 
Deloitte & Touche Security Services Group
Tel: +27(11)806-6216     Fax: +27(11)806-5202     Cell: +27(82)784-9498
-- 


