WebApp Sec mailing list archives

Previous By Date Next
Previous By Thread Next

Webscarab how to?

From: mr.nasty () ix netcom com
Date: 30 Jun 2006 19:33:35 -0000
I'm currently working with webscarab and can get the proxy to work just fine on one computer. I would like to use some 
of the plug-ins like the fuzzer but can't seem to figure out how to make it work.

Here's a brief example of what I'm doing and where I get stuck.

Open WebScarab and on the front page under the ID column I double click on a POST which takes me to another scree with 
various parameters.  In this case I see a multi part tab with three choices.  When I click on one of the choices it 
shows me the sting that input into that area of the form.

What can I do with this at this point?

Let's say I'm back at the initial (front page) of WebScarab and right click on an ID.  I get four options, two of which 
are not available.  One I'd like to use is 'Use as Fuzz Template'.  I click on this option.

When I click on the "Fuzzer" I notice the url I selected in the ID is now part of the Fuzzer GUI.

I now have several options within the "Parameters".  Location, Name, Type, Value, Priority, and "Fuzz Source".  Here's 
where it gets a little frustrating.

What exactly does all this mean?  Can I fun the Name?  How do I do that?

I've read most of the documentation on OWASP but I'm having trouble understanding how this app actually works.

A good presentation would be helpful.

Thanks

Within the Fuzzer there is a drop down menu but what exactly do you put in there? Names? Numbers? Name and Numbers? 
Then where do you put the text file you create?  Which folder?  There really isn't an option to browse to any specific 
folder.


-------------------------------------------------------------------------
Sponsored by: Watchfire

As web applications become increasingly complex, tremendous amounts of 
sensitive data - personal, medical and financial - are exchanged, and 
stored. Consumers expect and demand security for this information. This 
whitepaper examines a few vulnerability detection methods - specifically 
comparing and contrasting manual penetration testing with automated 
scanning tools. Download "Automated Scanning or Manual Penetration 
Testing?" today!

https://www.watchfire.com/securearea/whitepapers.aspx?id=701500000008Vmm
--------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: