WebApp Sec mailing list archives

New WebScarab release


From: "Dawes, Rogan (ZA - Johannesburg)" <rdawes () deloitte co za>
Date: Tue, 18 Nov 2003 10:00:35 +0200

Hi all, 

This is to announce a new release of WebScarab, a Java-based HTTP proxy
which can be used to intercept and modify HTTP and HTTPS requests and
responses in arbitrary ways.

New features in this version:

* Completely reworked RequestPanel and ResponsePanel, providing support for
nearly arbitrary content-types. Currently there are Hex, Text, HTML and
SerializedObject viewers, which are invoked automatically according to the
Content-Type headers. There is also support for tabular editing of message
headers. Editors for application/x-www-urlencoded and multi-part forms will
be coming shortly.

* The Text editor mentioned above supports "search" functionality, accessed
via Ctrl-F.

* An interesting feature is the addition of BeanShell scripting
functionality, which allows the operator to perform completely arbitrary
processing of a request or response. This functionality is available in both
the proxy intercept windows, and the "conversation view" windows.

* SessionID sampling and analysis. This is a new plugin designed to collect
a large number of sessionIDs and graph them, so the operator can visually
see if there are any patterns. Sessionids are converted to a BigInteger, by
means of automatic per-position character set analysis (e.g. aaa, aab, aac
== 1, 2, 3 resp, since the aaa does not ever change, and consequently maps
to 0)

* intercepting many requests simultaneously should no longer result in
deadlock of the GUI.

WebScarab should hopefully also be more robust, with many nullpointer
exceptions hunted down and squashed.

As usual all feedback is welcome. Error reports help to improve WebScarab,
while "I use it in this way" helps to guide direction, and motivate me to
continue ;-) Even "WebScarab sucks because . . . " is useful information ;-)

I can usually also be reached as Gollum256 on AIM if anyone wants to chat
online about WebScarab.

Rogan
-- 
"Using encryption on the Internet is the equivalent of arranging an 
armored car to deliver credit card information from someone living 
in a cardboard box to someone living on a park bench."
  - Gene Spafford
-- 
Deloitte & Touche Security Services Group
Tel: +27(11)806-6216     Fax: +27(11)806-5202     Cell: +27(82)784-9498
-- 
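As an added illustration for the archive (not WebScarab's own code), the per-position character-set analysis described in the sessionID plugin above, sketched in Python: every position's observed alphabet becomes one digit of a mixed-radix number, constant positions contribute nothing, and the resulting values and their deltas are what one would plot to look for patterns. The zero-based digit numbering (so aaa maps to 0, aab to 1), the entropy estimate and the sample tokens are assumptions of this sketch.

```python
import math
from typing import List, Tuple

# Constructed sample tokens (not real session IDs): a fixed "aa" prefix,
# a third character that cycles, and two trailing characters that vary.
SAMPLE_IDS = ["aaa01", "aab17", "aac02", "aad93", "aae44", "aaf05"]


def per_position_alphabets(ids: List[str]) -> List[str]:
    """For each character position, the sorted set of characters seen there."""
    width = len(ids[0])
    if any(len(s) != width for s in ids):
        raise ValueError("all session IDs in a sample must have the same length")
    return ["".join(sorted({s[i] for s in ids})) for i in range(width)]


def to_bigint(token: str, alphabets: List[str]) -> int:
    """Mixed-radix conversion. A position whose alphabet has one member never
    changes and is skipped (weight 0); a varying position contributes its
    zero-based index within the observed alphabet (an assumption of this sketch)."""
    value = 0
    for ch, alphabet in zip(token, alphabets):
        if len(alphabet) == 1:
            continue
        value = value * len(alphabet) + alphabet.index(ch)
    return value


def effective_bits(alphabets: List[str]) -> float:
    """Upper bound on the token space implied by the observed alphabets, in bits.
    A small number here means the IDs are guessable regardless of their length."""
    space = 1
    for alphabet in alphabets:
        space *= len(alphabet)
    return math.log2(space)


def looks_sequential(deltas: List[int]) -> bool:
    """True when consecutive IDs differ by the same non-zero step (a counter)."""
    return len(deltas) > 0 and deltas[0] != 0 and all(d == deltas[0] for d in deltas)


def analyse(ids: List[str]) -> Tuple[List[int], List[int], float]:
    """Values to plot, deltas between consecutive samples, and the bit estimate."""
    alphabets = per_position_alphabets(ids)
    values = [to_bigint(s, alphabets) for s in ids]
    deltas = [b - a for a, b in zip(values, values[1:])]
    return values, deltas, effective_bits(alphabets)


if __name__ == "__main__":
    vals, deltas, bits = analyse(SAMPLE_IDS)
    print(vals, deltas, round(bits, 2), looks_sequential(deltas))
```

Plotting `vals` against sample order (or consecutive values against each other) is the visual check the plugin performs; a straight line or a tiny `effective_bits` is the finding a reviewer would report.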
