WebApp Sec mailing list archives
Webscarab how to?
From: mr.nasty () ix netcom com
Date: 30 Jun 2006 19:33:35 -0000
I'm currently working with webscarab and can get the proxy to work just fine on one computer. I would like to use some of the plug-ins like the fuzzer but can't seem to figure out how to make it work. Here's a brief example of what I'm doing and where I get stuck. Open WebScarab and on the front page under the ID column I double click on a POST which takes me to another scree with various parameters. In this case I see a multi part tab with three choices. When I click on one of the choices it shows me the sting that input into that area of the form. What can I do with this at this point? Let's say I'm back at the initial (front page) of WebScarab and right click on an ID. I get four options, two of which are not available. One I'd like to use is 'Use as Fuzz Template'. I click on this option. When I click on the "Fuzzer" I notice the url I selected in the ID is now part of the Fuzzer GUI. I now have several options within the "Parameters". Location, Name, Type, Value, Priority, and "Fuzz Source". Here's where it gets a little frustrating. What exactly does all this mean? Can I fun the Name? How do I do that? I've read most of the documentation on OWASP but I'm having trouble understanding how this app actually works. A good presentation would be helpful. Thanks Within the Fuzzer there is a drop down menu but what exactly do you put in there? Names? Numbers? Name and Numbers? Then where do you put the text file you create? Which folder? There really isn't an option to browse to any specific folder. ------------------------------------------------------------------------- Sponsored by: Watchfire As web applications become increasingly complex, tremendous amounts of sensitive data - personal, medical and financial - are exchanged, and stored. Consumers expect and demand security for this information. This whitepaper examines a few vulnerability detection methods - specifically comparing and contrasting manual penetration testing with automated scanning tools. Download "Automated Scanning or Manual Penetration Testing?" today! https://www.watchfire.com/securearea/whitepapers.aspx?id=701500000008Vmm --------------------------------------------------------------------------
Current thread:
- Webscarab how to? mr . nasty (Jun 30)