This article needs to be updated. Please help update this article to reflect recent events or newly available information. (October 2023) |
| WebScarab | |
|---|---|
| 👁 Image Screenshot of WebScarab | |
| Developer | The Open Web Application Security Project |
| Written in | Java |
| Successor | Zed Attack Proxy |
| Type | Web security testing tool |
| License | GPLv2 |
| Website | WebScarab |
| Repository | github.com/OWASP/OWASP-WebScarab |
WebScarab is a web security application testing tool. It serves as a proxy that intercepts and allows people to alter web browser web requests (both HTTP and HTTPS) and web server replies. WebScarab also may record traffic for further review.[1]
In 2013 official development of WebScarab slowed. The project repository was archived on 4 April 2024.[2] The website of the project was also archived and recommends using OWASP's Zed Attack Proxy instead.[3]
Overview
[edit]WebScarab is an open source tool developed by The Open Web Application Security Project (OWASP), and was implemented in Java so it could run across multiple operating systems.[4]
WebScarab is meant to act as a framework, being extensible and with most features being implemented as plugins.[3]
Features
[edit]Some of the features provided by plugins include: [3]
- An intercepting proxy server
- Executing Java commands with BeanShell
- Emulating a slower network
- Acting as a web crawler
- Fuzzing request parameters
- Cross-site scripting analysis
References
[edit]- ^ Hope, Brian; Walther, Ben (2009). Web security testing cookbook : systematic techniques to find problems fast. Internet Archive. Sebastopol, Ca. : O'Reilly. ISBN 978-0-596-51483-9.
- ^ "OWASP-WebScarab GitHub repository". GitHub. Retrieved 23 May 2025.
- ^ a b c "OWASP-WebScarab website". OWASP. Archived from the original on 12 May 2025. Retrieved 23 May 2025.
- ^ "Website Design for Crafting a Captivating Online Presence". Retrieved 2023-10-20.
External links
[edit]
