├── installer ├── useNativeLAF ├── README ├── shortcutSpec.xml └── izpack.xml ├── frozenlibs ├── chardet:chardet:jar:1.0 ├── htmlparser:htmlparser:jar:1.5 ├── chardet-1.0.jar └── htmlparser-1.5.jar ├── server.p12 ├── lib ├── chardet.jar ├── openamf.jar ├── W32WinInet.dll ├── bsf-2.3.0.jar ├── bsh-2.0b1.jar ├── concurrent.jar ├── htmlparser.jar ├── p11-capi.dll ├── jcifs-1.3.14.jar ├── jhall-2.0_02.jar ├── xalan-2.7.1.jar ├── xmlsec-1.4.3.jar ├── jcommon-1.0.16.jar ├── joda-time-2.1.jar ├── tagsoup-1.0rc2.jar ├── jfreechart-1.0.13.jar ├── openid4java-0.9.7.jar ├── bcpkix-jdk15on-148.jar ├── bcprov-jdk15on-148.jar ├── flex-messaging-core.jar ├── commons-logging-1.0.4.jar ├── flex-messaging-common.jar ├── flex-messaging-remoting.jar └── help.jnlp ├── webscarab_logo.gif ├── doc ├── userguide │ ├── proxies.png │ └── tools.html └── certificates.html ├── src ├── org │ └── owasp │ │ └── webscarab │ │ ├── webscarab_logo.gif │ │ ├── plugin │ │ ├── identity │ │ │ ├── IdentityStore.java │ │ │ ├── FileSystemStore.java │ │ │ ├── TokenParser.java │ │ │ ├── ScriptableIdentity.java │ │ │ ├── Transition.java │ │ │ └── CookieTokenParser.java │ │ ├── proxy │ │ │ ├── swing │ │ │ │ └── ProxyPluginUI.java │ │ │ ├── BeanShellUI.java │ │ │ ├── ManualEditUI.java │ │ │ ├── ProxyPlugin.java │ │ │ ├── ProxyUI.java │ │ │ ├── ListenerSpec.java │ │ │ └── ScriptableConnection.java │ │ ├── sessionid │ │ │ ├── SessionIDListener.java │ │ │ ├── Calculator.java │ │ │ ├── SessionIDAnalysisUI.java │ │ │ ├── SessionIDStore.java │ │ │ ├── SessionID.java │ │ │ └── swing │ │ │ │ └── BigRenderer.java │ │ ├── fuzz │ │ │ ├── FuzzSource.java │ │ │ ├── sql.txt │ │ │ ├── FuzzerListener.java │ │ │ ├── FuzzerEvent.java │ │ │ ├── RegexSource.java │ │ │ └── xss.txt │ │ ├── CredentialManagerUI.java │ │ ├── fragments │ │ │ ├── FragmentListener.java │ │ │ ├── FragmentsStore.java │ │ │ └── swing │ │ │ │ └── FragmentsFrame.form │ │ ├── scripted │ │ │ ├── ScriptedUI.java │ │ │ └── script.bsh │ │ ├── ScriptListener.java │ │ 
├── manualrequest │ │ │ ├── ManualRequestModel.java │ │ │ └── ManualRequestUI.java │ │ ├── DomainCredential.java │ │ ├── BasicCredential.java │ │ ├── saml │ │ │ ├── Occurences.java │ │ │ ├── SignatureType.java │ │ │ ├── Wrapper.java │ │ │ ├── SamlProxyListener.java │ │ │ ├── SamlSignatureException.java │ │ │ ├── VerifyReference.java │ │ │ ├── SamlProxyConfig.java │ │ │ └── swing │ │ │ │ └── SamlReplayConversationAction.java │ │ ├── FrameworkUI.java │ │ ├── PluginUI.java │ │ ├── openid │ │ │ ├── OpenIdProxyConfig.java │ │ │ ├── AXFetchRequestAttribute.java │ │ │ ├── swing │ │ │ │ ├── AssociationOPUrlAction.java │ │ │ │ ├── AssociationSessionComboBoxModel.java │ │ │ │ └── AssociationTableModel.java │ │ │ ├── AXFetchResponseAttribute.java │ │ │ └── PAPEResponse.java │ │ ├── ScriptableConversation.java │ │ ├── spider │ │ │ ├── SpiderUI.java │ │ │ └── Link.java │ │ └── Hook.java │ │ ├── ui │ │ └── swing │ │ │ ├── WebScarabUI.java │ │ │ ├── editors │ │ │ ├── XMLPanel.form │ │ │ ├── ImagePanel.form │ │ │ ├── ByteArrayEditor.java │ │ │ ├── HTMLPanel.form │ │ │ ├── MultiPartPanel.form │ │ │ └── HexPanel.form │ │ │ ├── MessagePanel.form │ │ │ ├── EnabledBooleanTableCellRenderer.java │ │ │ ├── ContentPanel.form │ │ │ ├── DateRenderer.java │ │ │ ├── UrlFilteredConversationModel.java │ │ │ ├── SwingPluginUI.java │ │ │ └── UrlTreeRenderer.java │ │ ├── httpclient │ │ ├── Authenticator.java │ │ ├── ConversationHandler.java │ │ ├── CertificateRepository.java │ │ ├── HTTPClient.java │ │ ├── ClientTrustManager.java │ │ └── ChunkedOutputStream.java │ │ ├── model │ │ ├── UrlListener.java │ │ ├── ConversationListener.java │ │ ├── FrameworkListener.java │ │ ├── UrlModel.java │ │ ├── UrlEvent.java │ │ ├── ConversationEvent.java │ │ ├── ConversationModel.java │ │ ├── FrameworkEvent.java │ │ ├── NamedValue.java │ │ └── StoreException.java │ │ ├── util │ │ ├── RFC2822.java │ │ ├── NullComparator.java │ │ ├── CharsetUtils.java │ │ ├── swing │ │ │ ├── TreeUtil.java │ │ │ ├── 
ProgrammaticConversationColumnDataModel.java │ │ │ ├── ColumnDataListener.java │ │ │ ├── ColumnDataEvent.java │ │ │ ├── treetable │ │ │ │ ├── AbstractCellEditor.java │ │ │ │ ├── AbstractTreeTableModel.java │ │ │ │ └── TreeTableModel.java │ │ │ ├── NoWrapEditorKit.java │ │ │ ├── DOMTreeModel.java │ │ │ ├── ExceptionHandler.form │ │ │ └── HeapMonitor.java │ │ ├── LogOutputStream.java │ │ └── TextFormatter.java │ │ ├── Main.java │ │ └── parser │ │ └── ContentParser.java └── javax │ └── net │ └── ssl │ └── X509ExtendedTrustManager.java ├── ChangeLog ├── .gitignore ├── scripts ├── no-images.bsh ├── multipartify.bsh ├── forcebrowse.bsh └── webgoat-session-brute.bsh ├── README ├── test └── resources │ └── log4j.xml ├── izpack ├── shortcutSpec.xml └── install.xml └── INSTALL /installer/useNativeLAF: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /frozenlibs/chardet:chardet:jar:1.0: -------------------------------------------------------------------------------- 1 | chardet-1.0.jar -------------------------------------------------------------------------------- /frozenlibs/htmlparser:htmlparser:jar:1.5: -------------------------------------------------------------------------------- 1 | htmlparser-1.5.jar -------------------------------------------------------------------------------- /installer/README: -------------------------------------------------------------------------------- 1 | This installer uses IzPack from www.izforge.com 2 | -------------------------------------------------------------------------------- /server.p12: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OWASP-WebScarab/HEAD/server.p12 -------------------------------------------------------------------------------- /lib/chardet.jar: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/OWASP/OWASP-WebScarab/HEAD/lib/chardet.jar -------------------------------------------------------------------------------- /lib/openamf.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OWASP-WebScarab/HEAD/lib/openamf.jar -------------------------------------------------------------------------------- /lib/W32WinInet.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OWASP-WebScarab/HEAD/lib/W32WinInet.dll -------------------------------------------------------------------------------- /lib/bsf-2.3.0.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OWASP-WebScarab/HEAD/lib/bsf-2.3.0.jar -------------------------------------------------------------------------------- /lib/bsh-2.0b1.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OWASP-WebScarab/HEAD/lib/bsh-2.0b1.jar -------------------------------------------------------------------------------- /lib/concurrent.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OWASP-WebScarab/HEAD/lib/concurrent.jar -------------------------------------------------------------------------------- /lib/htmlparser.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OWASP-WebScarab/HEAD/lib/htmlparser.jar -------------------------------------------------------------------------------- /lib/p11-capi.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OWASP-WebScarab/HEAD/lib/p11-capi.dll -------------------------------------------------------------------------------- 
/webscarab_logo.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OWASP-WebScarab/HEAD/webscarab_logo.gif -------------------------------------------------------------------------------- /lib/jcifs-1.3.14.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OWASP-WebScarab/HEAD/lib/jcifs-1.3.14.jar -------------------------------------------------------------------------------- /lib/jhall-2.0_02.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OWASP-WebScarab/HEAD/lib/jhall-2.0_02.jar -------------------------------------------------------------------------------- /lib/xalan-2.7.1.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OWASP-WebScarab/HEAD/lib/xalan-2.7.1.jar -------------------------------------------------------------------------------- /lib/xmlsec-1.4.3.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OWASP-WebScarab/HEAD/lib/xmlsec-1.4.3.jar -------------------------------------------------------------------------------- /lib/jcommon-1.0.16.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OWASP-WebScarab/HEAD/lib/jcommon-1.0.16.jar -------------------------------------------------------------------------------- /lib/joda-time-2.1.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OWASP-WebScarab/HEAD/lib/joda-time-2.1.jar -------------------------------------------------------------------------------- /lib/tagsoup-1.0rc2.jar: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/OWASP/OWASP-WebScarab/HEAD/lib/tagsoup-1.0rc2.jar -------------------------------------------------------------------------------- /doc/userguide/proxies.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OWASP-WebScarab/HEAD/doc/userguide/proxies.png -------------------------------------------------------------------------------- /lib/jfreechart-1.0.13.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OWASP-WebScarab/HEAD/lib/jfreechart-1.0.13.jar -------------------------------------------------------------------------------- /lib/openid4java-0.9.7.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OWASP-WebScarab/HEAD/lib/openid4java-0.9.7.jar -------------------------------------------------------------------------------- /frozenlibs/chardet-1.0.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OWASP-WebScarab/HEAD/frozenlibs/chardet-1.0.jar -------------------------------------------------------------------------------- /lib/bcpkix-jdk15on-148.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OWASP-WebScarab/HEAD/lib/bcpkix-jdk15on-148.jar -------------------------------------------------------------------------------- /lib/bcprov-jdk15on-148.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OWASP-WebScarab/HEAD/lib/bcprov-jdk15on-148.jar -------------------------------------------------------------------------------- /lib/flex-messaging-core.jar: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/OWASP/OWASP-WebScarab/HEAD/lib/flex-messaging-core.jar -------------------------------------------------------------------------------- /frozenlibs/htmlparser-1.5.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OWASP-WebScarab/HEAD/frozenlibs/htmlparser-1.5.jar -------------------------------------------------------------------------------- /lib/commons-logging-1.0.4.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OWASP-WebScarab/HEAD/lib/commons-logging-1.0.4.jar -------------------------------------------------------------------------------- /lib/flex-messaging-common.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OWASP-WebScarab/HEAD/lib/flex-messaging-common.jar -------------------------------------------------------------------------------- /lib/flex-messaging-remoting.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OWASP-WebScarab/HEAD/lib/flex-messaging-remoting.jar -------------------------------------------------------------------------------- /src/org/owasp/webscarab/webscarab_logo.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OWASP-WebScarab/HEAD/src/org/owasp/webscarab/webscarab_logo.gif -------------------------------------------------------------------------------- /ChangeLog: -------------------------------------------------------------------------------- 1 | Please see http://dawes.za.net/gitweb.cgi?p=rogan/webscarab/webscarab.git;a=summary 2 | for an up to date list of changes to WebScarab 3 | -------------------------------------------------------------------------------- 
/src/org/owasp/webscarab/plugin/identity/IdentityStore.java: -------------------------------------------------------------------------------- 1 | package org.owasp.webscarab.plugin.identity; 2 | 3 | public interface IdentityStore { 4 | 5 | } 6 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | .classpath 2 | .externalToolBuilders/ 3 | .keystore 4 | .project 5 | maven-eclipse.xml 6 | nbactions.xml 7 | target/ 8 | build/ 9 | dist/ 10 | doc/ 11 | webscarab*.jar 12 | *~ 13 | -------------------------------------------------------------------------------- /scripts/no-images.bsh: -------------------------------------------------------------------------------- 1 | response = conversation.getResponse(); 2 | // out.println("Got a " + response.status); 3 | type=response.getHeader("Content-Type"); 4 | // out.println("With content-type " + type); 5 | if (type!=null && type.startsWith("image")) { 6 | conversation.setCancelled(true); 7 | } 8 | -------------------------------------------------------------------------------- /src/org/owasp/webscarab/plugin/identity/FileSystemStore.java: -------------------------------------------------------------------------------- 1 | package org.owasp.webscarab.plugin.identity; 2 | 3 | import java.io.File; 4 | 5 | import org.owasp.webscarab.model.StoreException; 6 | 7 | public class FileSystemStore implements IdentityStore { 8 | 9 | public FileSystemStore(File dir, String session) throws StoreException { 10 | 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /lib/help.jnlp: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | JavaHelp 5 | Sun Microsystems, Inc. 
6 | 7 | 8 | 9 | 10 | 11 | 12 | -------------------------------------------------------------------------------- /src/org/owasp/webscarab/ui/swing/WebScarabUI.java: -------------------------------------------------------------------------------- 1 | package org.owasp.webscarab.ui.swing; 2 | 3 | import java.io.File; 4 | 5 | import javax.swing.JFrame; 6 | 7 | public interface WebScarabUI extends Runnable { 8 | 9 | public JFrame getFrame(); 10 | 11 | public void addPlugin(final SwingPluginUI plugin); 12 | 13 | public void loadSession(File session); 14 | 15 | public void createTemporarySession(); 16 | 17 | } 18 | -------------------------------------------------------------------------------- /src/org/owasp/webscarab/plugin/identity/TokenParser.java: -------------------------------------------------------------------------------- 1 | package org.owasp.webscarab.plugin.identity; 2 | 3 | import java.util.List; 4 | 5 | import org.owasp.webscarab.model.NamedValue; 6 | import org.owasp.webscarab.model.Request; 7 | import org.owasp.webscarab.model.Response; 8 | 9 | public interface TokenParser { 10 | 11 | List getTokens(Request request); 12 | 13 | List getTokens(Response response); 14 | 15 | } 16 | -------------------------------------------------------------------------------- /src/org/owasp/webscarab/plugin/proxy/swing/ProxyPluginUI.java: -------------------------------------------------------------------------------- 1 | /* 2 | * ProxyPluginUI.java 3 | * 4 | * Created on 15 December 2004, 11:13 5 | */ 6 | 7 | package org.owasp.webscarab.plugin.proxy.swing; 8 | 9 | import org.owasp.webscarab.plugin.PluginUI; 10 | import javax.swing.JPanel; 11 | 12 | /** 13 | * 14 | * @author rogan 15 | */ 16 | public interface ProxyPluginUI extends PluginUI { 17 | 18 | JPanel getPanel(); 19 | 20 | } 21 | -------------------------------------------------------------------------------- /src/org/owasp/webscarab/httpclient/Authenticator.java: 
-------------------------------------------------------------------------------- 1 | /* 2 | * Authenticator.java 3 | * 4 | * Created on 21 June 2005, 09:28 5 | */ 6 | 7 | package org.owasp.webscarab.httpclient; 8 | 9 | import org.owasp.webscarab.model.HttpUrl; 10 | 11 | /** 12 | * 13 | * @author rogan 14 | */ 15 | public interface Authenticator { 16 | 17 | String getCredentials(HttpUrl url, String[] challenges); 18 | 19 | String getProxyCredentials(String hostname, String[] challenges); 20 | 21 | } 22 | -------------------------------------------------------------------------------- /README: -------------------------------------------------------------------------------- 1 | This is the WebScarab open-source project, hosted at 2 | http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project 3 | 4 | It aims to become a tool that may be used automatically or interactively 5 | to test the security of web applications. 6 | WebScarab is written in 100% pure Java and designed using a fairly clean 7 | set of interfaces to allow for removal and substitution of existing 8 | components, or addition of new analysis systems. 9 | 10 | For more details, please see the URL above. 
11 | -------------------------------------------------------------------------------- /src/org/owasp/webscarab/model/UrlListener.java: -------------------------------------------------------------------------------- 1 | /* 2 | * UrlListener.java 3 | * 4 | * Created on 13 April 2005, 04:01 5 | */ 6 | 7 | package org.owasp.webscarab.model; 8 | 9 | import java.util.EventListener; 10 | 11 | /** 12 | * 13 | * @author rogan 14 | */ 15 | public interface UrlListener extends EventListener { 16 | 17 | void urlAdded(UrlEvent evt); 18 | 19 | void urlChanged(UrlEvent evt); 20 | 21 | void urlRemoved(UrlEvent evt); 22 | 23 | void urlsChanged(); 24 | 25 | } 26 | -------------------------------------------------------------------------------- /src/org/owasp/webscarab/plugin/sessionid/SessionIDListener.java: -------------------------------------------------------------------------------- 1 | /* 2 | * SessionIDListener.java 3 | * 4 | * Created on 29 April 2005, 08:28 5 | */ 6 | 7 | package org.owasp.webscarab.plugin.sessionid; 8 | 9 | import java.util.EventListener; 10 | 11 | /** 12 | * 13 | * @author rogan 14 | */ 15 | public interface SessionIDListener extends EventListener { 16 | 17 | void sessionIDAdded(String key, int index); 18 | 19 | void sessionIDsChanged(); 20 | 21 | void calculatorChanged(String key); 22 | 23 | } 24 | -------------------------------------------------------------------------------- /src/org/owasp/webscarab/plugin/fuzz/FuzzSource.java: -------------------------------------------------------------------------------- 1 | /* 2 | * FuzzSource.java 3 | * 4 | * Created on 17 June 2005, 02:43 5 | */ 6 | 7 | package org.owasp.webscarab.plugin.fuzz; 8 | 9 | /** 10 | * 11 | * @author rogan 12 | */ 13 | public interface FuzzSource { 14 | 15 | String getDescription(); 16 | 17 | int size(); 18 | 19 | void reset(); 20 | 21 | boolean hasNext(); 22 | 23 | Object current(); 24 | 25 | void increment(); 26 | 27 | FuzzSource newInstance(); 28 | 29 | } 30 | 
-------------------------------------------------------------------------------- /src/org/owasp/webscarab/util/RFC2822.java: -------------------------------------------------------------------------------- 1 | package org.owasp.webscarab.util; 2 | 3 | import java.text.ParseException; 4 | import java.text.SimpleDateFormat; 5 | import java.util.Date; 6 | import java.util.Locale; 7 | 8 | public class RFC2822 { 9 | 10 | private static String datePattern = "EEE, dd MMM yyyy HH:mm:ss Z"; 11 | 12 | public static Date parseDate(String dateString) throws ParseException { 13 | SimpleDateFormat format = new SimpleDateFormat(datePattern, Locale.ENGLISH); 14 | return format.parse(dateString); 15 | } 16 | 17 | } 18 | -------------------------------------------------------------------------------- /src/org/owasp/webscarab/plugin/identity/ScriptableIdentity.java: -------------------------------------------------------------------------------- 1 | package org.owasp.webscarab.plugin.identity; 2 | 3 | import org.owasp.webscarab.model.ConversationModel; 4 | 5 | public class ScriptableIdentity { 6 | 7 | private Identity identity; 8 | 9 | public ScriptableIdentity(Identity identity) { 10 | this.identity = identity; 11 | } 12 | 13 | public ConversationModel getConversationModel() { 14 | return identity.getFramework().getModel().getConversationModel(); 15 | } 16 | 17 | public void removeTransitions() { 18 | identity.removeTransitions(); 19 | } 20 | } 21 | -------------------------------------------------------------------------------- /src/org/owasp/webscarab/model/ConversationListener.java: -------------------------------------------------------------------------------- 1 | /* 2 | * ConversationListener.java 3 | * 4 | * Created on 13 April 2005, 03:20 5 | */ 6 | 7 | package org.owasp.webscarab.model; 8 | 9 | import java.util.EventListener; 10 | 11 | /** 12 | * 13 | * @author rogan 14 | */ 15 | public interface ConversationListener extends EventListener { 16 | 17 | void 
conversationAdded(ConversationEvent evt); 18 | 19 | void conversationChanged(ConversationEvent evt); 20 | 21 | void conversationRemoved(ConversationEvent evt); 22 | 23 | void conversationsChanged(); 24 | 25 | } 26 | -------------------------------------------------------------------------------- /src/org/owasp/webscarab/model/FrameworkListener.java: -------------------------------------------------------------------------------- 1 | /* 2 | * FrameworkListener.java 3 | * 4 | * Created on 13 April 2005, 05:17 5 | */ 6 | 7 | package org.owasp.webscarab.model; 8 | 9 | /** 10 | * 11 | * @author rogan 12 | */ 13 | public interface FrameworkListener extends java.util.EventListener { 14 | 15 | void cookieAdded(FrameworkEvent evt); 16 | 17 | void cookieRemoved(FrameworkEvent evt); 18 | 19 | void cookiesChanged(); 20 | 21 | void conversationPropertyChanged(FrameworkEvent evt); 22 | 23 | void urlPropertyChanged(FrameworkEvent evt); 24 | 25 | } 26 | -------------------------------------------------------------------------------- /src/org/owasp/webscarab/plugin/CredentialManagerUI.java: -------------------------------------------------------------------------------- 1 | /* 2 | * CredentialManagerUI.java 3 | * 4 | * Created on 04 January 2006, 09:09 5 | * 6 | * To change this template, choose Tools | Options and locate the template under 7 | * the Source Creation and Management node. Right-click the template and choose 8 | * Open. You can then make changes to the template in the Source Editor. 
9 | */ 10 | 11 | package org.owasp.webscarab.plugin; 12 | 13 | /** 14 | * 15 | * @author rdawes 16 | */ 17 | public interface CredentialManagerUI { 18 | 19 | void requestCredentials(String host, String[] challenges); 20 | 21 | } 22 | -------------------------------------------------------------------------------- /src/org/owasp/webscarab/model/UrlModel.java: -------------------------------------------------------------------------------- 1 | /* 2 | * UrlModel.java 3 | * 4 | * Created on 13 April 2005, 03:58 5 | */ 6 | 7 | package org.owasp.webscarab.model; 8 | 9 | import EDU.oswego.cs.dl.util.concurrent.Sync; 10 | 11 | /** 12 | * 13 | * @author rogan 14 | */ 15 | public interface UrlModel { 16 | 17 | int getChildCount(HttpUrl parent); 18 | 19 | HttpUrl getChildAt(HttpUrl parent, int index); 20 | 21 | int getIndexOf(HttpUrl url); 22 | 23 | Sync readLock(); 24 | 25 | void addUrlListener(UrlListener listener); 26 | 27 | void removeUrlListener(UrlListener listener); 28 | 29 | } 30 | -------------------------------------------------------------------------------- /src/org/owasp/webscarab/plugin/fragments/FragmentListener.java: -------------------------------------------------------------------------------- 1 | /* 2 | * FragmentListener.java 3 | * 4 | * Created on 13 April 2005, 06:23 5 | */ 6 | 7 | package org.owasp.webscarab.plugin.fragments; 8 | 9 | import java.util.EventListener; 10 | 11 | import org.owasp.webscarab.model.ConversationID; 12 | import org.owasp.webscarab.model.HttpUrl; 13 | 14 | /** 15 | * 16 | * @author rogan 17 | */ 18 | public interface FragmentListener extends EventListener { 19 | 20 | void fragmentAdded(HttpUrl url, ConversationID id, String type, String key); 21 | 22 | void fragmentAdded(String type, String key, int position); 23 | 24 | void fragmentsChanged(); 25 | 26 | } 27 | -------------------------------------------------------------------------------- /src/org/owasp/webscarab/plugin/fuzz/sql.txt: 
-------------------------------------------------------------------------------- 1 | 'sqlvuln 2 | '+sqlvuln 3 | sqlvuln; 4 | (sqlvuln) 5 | a' or 1=1-- 6 | a" or 1=1-- 7 | a" or "a" = "a 8 | a' or 'a' = 'a 9 | 1 or 1=1 10 | a' waitfor delay '0:0:10'-- 11 | 1 waitfor delay '0:0:10'-- 12 | declare @q nvarchar (4000) select @q = 13 | 0x770061006900740066006F0072002000640065006C00610079002000270030003A0030003A 14 | 0 15 | 031003000270000 16 | declare @s varchar(22) select @s = 17 | 0x77616974666F722064656C61792027303A303A31302700 exec(@s) 18 | declare @q nvarchar (4000) select @q = 19 | 0x730065006c00650063007400200040004000760065007200730069006f006e00 exec(@q) 20 | declare @s varchar (8000) select @s = 0x73656c65637420404076657273696f6e 21 | exec(@s) 22 | -------------------------------------------------------------------------------- /src/org/owasp/webscarab/plugin/fuzz/FuzzerListener.java: -------------------------------------------------------------------------------- 1 | /* 2 | * FuzzListener.java 3 | * 4 | * Created on 06 February 2005, 08:42 5 | */ 6 | 7 | package org.owasp.webscarab.plugin.fuzz; 8 | 9 | import java.util.EventListener; 10 | 11 | /** 12 | * 13 | * @author rogan 14 | */ 15 | public interface FuzzerListener extends EventListener { 16 | 17 | void fuzzHeaderAdded(FuzzerEvent evt); 18 | 19 | void fuzzHeaderChanged(FuzzerEvent evt); 20 | 21 | void fuzzHeaderRemoved(FuzzerEvent evt); 22 | 23 | void fuzzParameterAdded(FuzzerEvent evt); 24 | 25 | void fuzzParameterChanged(FuzzerEvent evt); 26 | 27 | void fuzzParameterRemoved(FuzzerEvent evt); 28 | 29 | } 30 | -------------------------------------------------------------------------------- /test/resources/log4j.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | -------------------------------------------------------------------------------- 
/src/org/owasp/webscarab/plugin/scripted/ScriptedUI.java: -------------------------------------------------------------------------------- 1 | /* 2 | * ScriptedUI.java 3 | * 4 | * Created on 03 January 2005, 12:37 5 | */ 6 | 7 | package org.owasp.webscarab.plugin.scripted; 8 | 9 | import java.io.PrintStream; 10 | import java.io.File; 11 | 12 | /** 13 | * 14 | * @author rogan 15 | */ 16 | public interface ScriptedUI { 17 | 18 | PrintStream getOutputStream(); 19 | 20 | PrintStream getErrorStream(); 21 | 22 | void scriptStarted(); 23 | 24 | void scriptStopped(); 25 | 26 | void scriptError(String reason, Throwable error); 27 | 28 | void setEnabled(boolean enabled); 29 | 30 | void scriptFileChanged(File file); 31 | 32 | void scriptLanguageChanged(String language); 33 | 34 | void scriptChanged(String script); 35 | } 36 | -------------------------------------------------------------------------------- /src/org/owasp/webscarab/httpclient/ConversationHandler.java: -------------------------------------------------------------------------------- 1 | /* 2 | * ConversationHandler.java 3 | * 4 | * Created on 10 January 2006, 06:24 5 | * 6 | * To change this template, choose Tools | Options and locate the template under 7 | * the Source Creation and Management node. Right-click the template and choose 8 | * Open. You can then make changes to the template in the Source Editor. 
9 | */ 10 | 11 | package org.owasp.webscarab.httpclient; 12 | 13 | import java.io.IOException; 14 | import org.owasp.webscarab.model.Request; 15 | import org.owasp.webscarab.model.Response; 16 | 17 | /** 18 | * 19 | * @author rdawes 20 | */ 21 | public interface ConversationHandler { 22 | 23 | void responseReceived(Response response); 24 | 25 | void requestError(Request request, IOException ioe); 26 | 27 | } 28 | -------------------------------------------------------------------------------- /src/org/owasp/webscarab/model/UrlEvent.java: -------------------------------------------------------------------------------- 1 | /* 2 | * UrlEvent.java 3 | * 4 | * Created on 13 April 2005, 04:03 5 | */ 6 | 7 | package org.owasp.webscarab.model; 8 | 9 | import java.util.EventObject; 10 | 11 | /** 12 | * 13 | * @author rogan 14 | */ 15 | public class UrlEvent extends EventObject { 16 | 17 | /** 18 | * 19 | */ 20 | private static final long serialVersionUID = -2563329935372684632L; 21 | private HttpUrl _url; 22 | private int _position; 23 | 24 | /** Creates a new instance of UrlEvent */ 25 | public UrlEvent(Object source, HttpUrl url, int position) { 26 | super(source); 27 | _url = url; 28 | _position = position; 29 | } 30 | 31 | public HttpUrl getUrl() { 32 | return _url; 33 | } 34 | 35 | public int getPosition() { 36 | return _position; 37 | } 38 | } 39 | -------------------------------------------------------------------------------- /src/org/owasp/webscarab/model/ConversationEvent.java: -------------------------------------------------------------------------------- 1 | /* 2 | * ConversationEvent.java 3 | * 4 | * Created on 13 April 2005, 03:25 5 | */ 6 | 7 | package org.owasp.webscarab.model; 8 | 9 | import java.util.EventObject; 10 | 11 | /** 12 | * 13 | * @author rogan 14 | */ 15 | public class ConversationEvent extends EventObject { 16 | 17 | /** 18 | * 19 | */ 20 | private static final long serialVersionUID = 5382638131336063659L; 21 | private ConversationID _id; 22 | 
private int _position; 23 | 24 | /** Creates a new instance of ConversationEvent */ 25 | public ConversationEvent(Object source, ConversationID id, int position) { 26 | super(source); 27 | _id = id; 28 | _position = position; 29 | } 30 | 31 | public ConversationID getConversationID() { 32 | return _id; 33 | } 34 | 35 | public int getPosition() { 36 | return _position; 37 | } 38 | 39 | } 40 | -------------------------------------------------------------------------------- /src/org/owasp/webscarab/plugin/ScriptListener.java: -------------------------------------------------------------------------------- 1 | /* 2 | * ScriptListener.java 3 | * 4 | * Created on 09 January 2005, 08:32 5 | */ 6 | 7 | package org.owasp.webscarab.plugin; 8 | 9 | import java.util.EventListener; 10 | 11 | /** 12 | * 13 | * @author rogan 14 | */ 15 | public interface ScriptListener extends EventListener { 16 | 17 | void hooksChanged(); 18 | 19 | void hookStarted(String plugin, Hook hook); 20 | 21 | void hookEnded(String plugin, Hook hook); 22 | 23 | void scriptAdded(String plugin, Hook hook, Script script); 24 | 25 | void scriptRemoved(String plugin, Hook hook, Script script); 26 | 27 | void scriptStarted(String plugin, Hook hook, Script script); 28 | 29 | void scriptEnded(String plugin, Hook hook, Script script); 30 | 31 | void scriptChanged(String plugin, Hook hook, Script script); 32 | 33 | void scriptError(String plugin, Hook hook, Script script, Throwable error); 34 | 35 | } 36 | -------------------------------------------------------------------------------- /src/org/owasp/webscarab/plugin/identity/Transition.java: -------------------------------------------------------------------------------- 1 | package org.owasp.webscarab.plugin.identity; 2 | 3 | import java.util.Date; 4 | 5 | import org.owasp.webscarab.model.ConversationID; 6 | 7 | public class Transition { 8 | private ConversationID conversation; 9 | private Date date; 10 | private String tokenName, tokenValue, identity; 11 | 12 | 
public Transition(ConversationID conversation, Date date, String tokenName, String tokenValue, String identity) { 13 | this.conversation = conversation; 14 | this.date = date; 15 | this.tokenName = tokenName; 16 | this.tokenValue = tokenValue; 17 | this.identity = identity; 18 | } 19 | 20 | public ConversationID getConversation() { 21 | return conversation; 22 | } 23 | 24 | public Date getDate() { 25 | return date; 26 | } 27 | 28 | public String getTokenName() { 29 | return tokenName; 30 | } 31 | 32 | public String getTokenValue() { 33 | return tokenValue; 34 | } 35 | 36 | public String getIdentity() { 37 | return identity; 38 | } 39 | 40 | } -------------------------------------------------------------------------------- /src/org/owasp/webscarab/plugin/fuzz/FuzzerEvent.java: -------------------------------------------------------------------------------- 1 | /* 2 | * FuzzerEvent.java 3 | * 4 | * Created on 11 March 2005, 10:51 5 | */ 6 | 7 | package org.owasp.webscarab.plugin.fuzz; 8 | 9 | /** 10 | * 11 | * @author rogan 12 | */ 13 | public class FuzzerEvent { 14 | 15 | public final static int FUZZHEADER_ADDED = 101; 16 | public final static int FUZZHEADER_CHANGED = 102; 17 | public final static int FUZZHEADER_REMOVED = 103; 18 | public final static int FUZZPARAMETER_ADDED = 104; 19 | public final static int FUZZPARAMETER_CHANGED = 105; 20 | public final static int FUZZPARAMETER_REMOVED = 106; 21 | 22 | private int _type; 23 | private int _row; 24 | 25 | /** Creates a new instance of FuzzerEvent */ 26 | public FuzzerEvent(Object source, int eventType, int row) { 27 | _type = eventType; 28 | _row = row; 29 | } 30 | 31 | public int getType() { 32 | return _type; 33 | } 34 | 35 | public int getRow() { 36 | return _row; 37 | } 38 | 39 | } 40 | -------------------------------------------------------------------------------- /installer/shortcutSpec.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 21 | 22 | 
23 | 24 | 36 | 37 | 38 | 39 | 40 | -------------------------------------------------------------------------------- /izpack/shortcutSpec.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 18 | 19 | 20 | 32 | 33 | -------------------------------------------------------------------------------- /src/org/owasp/webscarab/util/NullComparator.java: -------------------------------------------------------------------------------- 1 | /* 2 | * NullComparator.java 3 | * 4 | * Created on 12 January 2006, 05:37 5 | * 6 | * To change this template, choose Tools | Options and locate the template under 7 | * the Source Creation and Management node. Right-click the template and choose 8 | * Open. You can then make changes to the template in the Source Editor. 9 | */ 10 | 11 | package org.owasp.webscarab.util; 12 | 13 | import java.util.Comparator; 14 | 15 | /** 16 | * 17 | * @author rdawes 18 | */ 19 | public class NullComparator implements Comparator { 20 | 21 | public NullComparator() { 22 | } 23 | 24 | @SuppressWarnings("unchecked") 25 | public int compare(Object o1, Object o2) { 26 | if (o1 == null && o2 == null) return 0; 27 | if (o1 == null && o2 != null) return 1; 28 | if (o1 != null && o2 == null) return -1; 29 | if (o1 instanceof Comparable) return ((Comparable)o1).compareTo(o2); 30 | throw new ClassCastException("Incomparable objects " + o1.getClass().getName() + " and " + o2.getClass().getName()); 31 | } 32 | 33 | } 34 | -------------------------------------------------------------------------------- /src/javax/net/ssl/X509ExtendedTrustManager.java: -------------------------------------------------------------------------------- 1 | package javax.net.ssl; 2 | 3 | import java.net.Socket; 4 | import java.security.cert.X509Certificate; 5 | import java.security.cert.CertificateException; 6 | 7 | /** 8 | * Dummy implementation for Java 6 compatibility with Java 7 code. 
The methods 9 | * are not actually called (internally) in Java 6, just in Java 7. It is used by 10 | * {@code org.owasp.webscarab.httpclient.ClientTrustManager}. 11 | */ 12 | public abstract class X509ExtendedTrustManager implements X509TrustManager { 13 | 14 | public abstract void checkClientTrusted(X509Certificate[] chain, 15 | String authType, Socket socket) throws CertificateException; 16 | 17 | public abstract void checkServerTrusted(X509Certificate[] chain, 18 | String authType, Socket socket) throws CertificateException; 19 | 20 | public abstract void checkClientTrusted(X509Certificate[] chain, 21 | String authType, SSLEngine engine) throws CertificateException; 22 | 23 | public abstract void checkServerTrusted(X509Certificate[] chain, 24 | String authType, SSLEngine engine) throws CertificateException; 25 | } 26 | -------------------------------------------------------------------------------- /src/org/owasp/webscarab/plugin/manualrequest/ManualRequestModel.java: -------------------------------------------------------------------------------- 1 | /* 2 | * ManualRequestModel.java 3 | * 4 | * Created on 01 May 2005, 11:12 5 | */ 6 | 7 | package org.owasp.webscarab.plugin.manualrequest; 8 | 9 | import org.owasp.webscarab.model.FrameworkModel; 10 | import org.owasp.webscarab.model.ConversationModel; 11 | import org.owasp.webscarab.model.Cookie; 12 | import org.owasp.webscarab.model.HttpUrl; 13 | 14 | import org.owasp.webscarab.plugin.AbstractPluginModel; 15 | 16 | /** 17 | * 18 | * @author rogan 19 | */ 20 | public class ManualRequestModel extends AbstractPluginModel { 21 | 22 | private FrameworkModel _model; 23 | 24 | /** Creates a new instance of ManualRequestModel */ 25 | public ManualRequestModel(FrameworkModel model) { 26 | _model = model; 27 | } 28 | 29 | public ConversationModel getConversationModel() { 30 | return _model.getConversationModel(); 31 | } 32 | 33 | public Cookie[] getCookiesForUrl(HttpUrl url) { 34 | return _model.getCookiesForUrl(url); 35 
| } 36 | 37 | public void addCookie(Cookie cookie) { 38 | _model.addCookie(cookie); 39 | } 40 | 41 | } 42 | -------------------------------------------------------------------------------- /src/org/owasp/webscarab/plugin/DomainCredential.java: --------------------------------------------------------------------------------
/*
 * DomainCredential.java
 *
 * Created on 04 January 2006, 09:23
 *
 * To change this template, choose Tools | Options and locate the template under
 * the Source Creation and Management node. Right-click the template and choose
 * Open. You can then make changes to the template in the Source Editor.
 */

package org.owasp.webscarab.plugin;

/**
 * Value holder for one credential: a host, a domain, a username and a password.
 * The class has no setters, so an instance keeps the values it was built with.
 *
 * <p>The password is stored and handed back as a plain {@code String}. Nothing
 * in this class masks or clears it, so the caller decides where the value may
 * be logged, displayed or persisted.
 *
 * @author rdawes
 */
public class DomainCredential {

    private final String host;
    private final String domain;
    private final String username;
    private final String password;

    /**
     * Creates a new instance of DomainCredential.
     *
     * @param host     the host the credential belongs to
     * @param domain   the domain the credential belongs to
     * @param username the account name
     * @param password the account password, kept as given
     */
    public DomainCredential(String host, String domain, String username, String password) {
        this.host = host;
        this.domain = domain;
        this.username = username;
        this.password = password;
    }

    /** @return the host passed to the constructor */
    public String getHost() {
        return this.host;
    }

    /** @return the domain passed to the constructor */
    public String getDomain() {
        return this.domain;
    }

    /** @return the username passed to the constructor */
    public String getUsername() {
        return this.username;
    }

    /** @return the password passed to the constructor, unmodified */
    public String getPassword() {
        return this.password;
    }

}
-------------------------------------------------------------------------------- /src/org/owasp/webscarab/plugin/BasicCredential.java: -------------------------------------------------------------------------------- 1 | /* 2 | * BasicCredential.java 3 | * 4 | * Created on 04 January 2006, 09:20 5 | * 6 | * To change this template, choose Tools | Options and locate the template under 7 | * the Source Creation and Management node. Right-click the template and choose 8 | * Open.
You can then make changes to the template in the Source Editor. 9 | */

package org.owasp.webscarab.plugin;

/**
 * Value holder for one credential: a host, a realm, a username and a password.
 * The class has no setters, so an instance keeps the values it was built with.
 * NOTE(review): the class name and the realm field suggest HTTP Basic
 * authentication; confirm against the code that consumes this class.
 *
 * <p>The password is stored and handed back as a plain {@code String}. Nothing
 * in this class masks or clears it, so the caller decides where the value may
 * be logged, displayed or persisted.
 *
 * @author rdawes
 */
public class BasicCredential {

    private final String host;
    private final String realm;
    private final String username;
    private final String password;

    /**
     * Creates a new instance of BasicCredential.
     *
     * @param host     the host the credential belongs to
     * @param realm    the realm the credential belongs to
     * @param username the account name
     * @param password the account password, kept as given
     */
    public BasicCredential(String host, String realm, String username, String password) {
        this.host = host;
        this.realm = realm;
        this.username = username;
        this.password = password;
    }

    /** @return the host passed to the constructor */
    public String getHost() {
        return this.host;
    }

    /** @return the realm passed to the constructor */
    public String getRealm() {
        return this.realm;
    }

    /** @return the username passed to the constructor */
    public String getUsername() {
        return this.username;
    }

    /** @return the password passed to the constructor, unmodified */
    public String getPassword() {
        return this.password;
    }

}
-------------------------------------------------------------------------------- /src/org/owasp/webscarab/util/CharsetUtils.java: -------------------------------------------------------------------------------- 1 | /** 2 | * 3 | */ 4 | package org.owasp.webscarab.util; 5 | 6 | import org.mozilla.intl.chardet.nsDetector; 7 | import org.mozilla.intl.chardet.nsICharsetDetectionObserver; 8 | import org.mozilla.intl.chardet.nsPSMDetector; 9 | 10 | /** 11 | * @author rdawes 12 | * 13 | */ 14 | public class CharsetUtils { 15 | 16 | public static String getCharset(byte[] bytes) { 17 | nsDetector det = new nsDetector(nsPSMDetector.ALL); 18 | CharsetListener listener = new CharsetListener(); 19 | det.Init(listener); 20 | 21 | boolean isAscii = det.isAscii(bytes,bytes.length); 22 | // DoIt if non-ascii and not done yet.
23 | if (!isAscii) 24 | det.DoIt(bytes,bytes.length, false); 25 | det.DataEnd(); 26 | if (isAscii) return "ASCII"; 27 | 28 | return listener.getCharset(); 29 | } 30 | 31 | private static class CharsetListener implements nsICharsetDetectionObserver { 32 | 33 | private String charset = null; 34 | 35 | public void Notify(String charset) { 36 | this.charset = charset; 37 | } 38 | 39 | public String getCharset() { 40 | return this.charset; 41 | } 42 | 43 | } 44 | 45 | } 46 | -------------------------------------------------------------------------------- /src/org/owasp/webscarab/model/ConversationModel.java: -------------------------------------------------------------------------------- 1 | /* 2 | * ConversationModel.java 3 | * 4 | * Created on 13 April 2005, 03:00 5 | */ 6 | 7 | package org.owasp.webscarab.model; 8 | 9 | import EDU.oswego.cs.dl.util.concurrent.Sync; 10 | import java.util.Date; 11 | 12 | /** 13 | * 14 | * @author rogan 15 | */ 16 | public interface ConversationModel { 17 | 18 | int getConversationCount(); 19 | 20 | ConversationID getConversationAt(int index); 21 | 22 | int getIndexOfConversation(ConversationID id); 23 | 24 | Sync readLock(); 25 | 26 | String getConversationOrigin(ConversationID id); 27 | 28 | String getConversationProperty(ConversationID id, String property); 29 | 30 | void setConversationProperty(ConversationID id, String property, String value); 31 | 32 | Date getConversationDate(ConversationID id); 33 | 34 | String getRequestMethod(ConversationID id); 35 | 36 | HttpUrl getRequestUrl(ConversationID id); 37 | 38 | String getResponseStatus(ConversationID id); 39 | 40 | Request getRequest(ConversationID id); 41 | 42 | Response getResponse(ConversationID id); 43 | 44 | void addConversationListener(ConversationListener listener); 45 | 46 | void removeConversationListener(ConversationListener listener); 47 | 48 | } 49 | -------------------------------------------------------------------------------- 
/src/org/owasp/webscarab/ui/swing/editors/XMLPanel.form: -------------------------------------------------------------------------------- 1 | 2 | 3 |
4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | -------------------------------------------------------------------------------- /src/org/owasp/webscarab/httpclient/CertificateRepository.java: --------------------------------------------------------------------------------
package org.owasp.webscarab.httpclient;

import java.io.IOException;
import java.security.KeyManagementException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;

/**
 * Contract for a collection of key stores, the aliases they contain and the
 * certificates behind those aliases. Key stores and aliases are addressed by
 * integer index throughout.
 *
 * <p>All passwords in this interface are passed as {@code String}, so a caller
 * cannot clear them after the call; keep their lifetime short and keep them
 * out of logs and exception messages.
 *
 * @author Frank Cornelis
 */
public interface CertificateRepository {

    /**
     * Reports whether a provider of the given type is available.
     * NOTE(review): the accepted type names are not visible in this interface.
     */
    boolean isProviderAvailable(String type);

    /** Selects the default key, identified by its fingerprint. */
    void setDefaultKey(String fingerprint);

    /** Returns the certificate stored under the given alias of the given key store. */
    Certificate getCertificate(int keystoreIndex, int aliasIndex);

    /** Reports whether the key under the given alias has been unlocked. */
    boolean isKeyUnlocked(int keystoreIndex, int aliasIndex);

    /**
     * Unlocks the key under the given alias with {@code keyPassword}.
     *
     * @throws KeyStoreException      declared by the contract; conditions are implementation-defined
     * @throws KeyManagementException declared by the contract; conditions are implementation-defined
     */
    void unlockKey(int keystoreIndex, int aliasIndex, String keyPassword)
            throws KeyStoreException, KeyManagementException;

    /**
     * Returns the fingerprint of {@code cert}.
     * NOTE(review): the digest algorithm and the text format are chosen by the
     * implementation; confirm both before comparing fingerprints across tools.
     */
    String getFingerPrint(Certificate cert) throws KeyStoreException;

    /**
     * Loads a PKCS#12 key store from {@code filename}, opened with {@code ksPassword}.
     *
     * @return an int; presumably the index of the loaded key store (confirm
     *         against the implementation)
     */
    int loadPKCS12Certificate(String filename, String ksPassword)
            throws IOException, KeyStoreException, CertificateException, NoSuchAlgorithmException;

    /** Returns a description of the key store at the given index. */
    String getKeyStoreDescription(int keystoreIndex);

    /**
     * Initialises a PKCS#11 key store.
     * NOTE(review): {@code library} presumably names the native PKCS#11 module
     * to load. If so it is a code-loading input and should come from trusted
     * configuration only; confirm against the implementation.
     *
     * @return an int; presumably the index of the new key store (confirm
     *         against the implementation)
     */
    int initPKCS11(String name, String library, int slotListIndex, String kspassword);

    /** Returns the number of key stores. */
    int getKeyStoreCount();

    /** Returns the number of aliases in the key store at the given index. */
    int getAliasCount(int keystoreIndex);

    /** Returns the alias at {@code aliasIndex} in the key store at {@code keystoreIndex}. */
    String getAliasAt(int keystoreIndex, int aliasIndex);
}
-------------------------------------------------------------------------------- /src/org/owasp/webscarab/ui/swing/MessagePanel.form: -------------------------------------------------------------------------------- 1 | 2 | 3 |
4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | -------------------------------------------------------------------------------- /src/org/owasp/webscarab/model/FrameworkEvent.java: -------------------------------------------------------------------------------- 1 | /* 2 | * FrameworkEvent.java 3 | * 4 | * Created on 13 April 2005, 05:11 5 | */ 6 | 7 | package org.owasp.webscarab.model; 8 | 9 | import java.util.EventObject; 10 | 11 | /** 12 | * 13 | * @author rogan 14 | */ 15 | public class FrameworkEvent extends EventObject { 16 | 17 | /** 18 | * 19 | */ 20 | private static final long serialVersionUID = 6301623751009629601L; 21 | private ConversationID _id = null; 22 | private HttpUrl _url = null; 23 | private Cookie _cookie = null; 24 | private String _property = null; 25 | 26 | /** Creates a new instance of FrameworkEvent */ 27 | public FrameworkEvent(Object source, ConversationID id, String property) { 28 | super(source); 29 | _id = id; 30 | _property = property; 31 | } 32 | 33 | public FrameworkEvent(Object source, HttpUrl url, String property) { 34 | super(source); 35 | _url = url; 36 | _property = property; 37 | } 38 | 39 | public FrameworkEvent(Object source, Cookie cookie) { 40 | super(source); 41 | _cookie = cookie; 42 | } 43 | 44 | public ConversationID getConversationID() { 45 | return _id; 46 | } 47 | 48 | public HttpUrl getUrl() { 49 | return _url; 50 | } 51 | 52 | public Cookie getCookie() { 53 | return _cookie; 54 | } 55 | 56 | public String getPropertyName() { 57 | return _property; 58 | } 59 | 60 | } 61 | -------------------------------------------------------------------------------- /src/org/owasp/webscarab/plugin/fuzz/RegexSource.java: -------------------------------------------------------------------------------- 1 | /* 2 | * RegexSource.java 3 | * 4 | * Created on 28 February 2006, 06:16 5 | * 6 | * To change this template, choose Tools | Options and locate the 
template under 7 | * the Source Creation and Management node. Right-click the template and choose 8 | * Open. You can then make changes to the template in the Source Editor. 9 | */ 10 | 11 | package org.owasp.webscarab.plugin.fuzz; 12 | 13 | import java.util.regex.PatternSyntaxException; 14 | import org.owasp.webscarab.util.RegexExpansion; 15 | 16 | /** 17 | * 18 | * @author rdawes 19 | */ 20 | public class RegexSource extends RegexExpansion implements FuzzSource { 21 | 22 | private String description; 23 | 24 | /** Creates a new instance of RegexSource */ 25 | public RegexSource(String description, String regex) throws PatternSyntaxException { 26 | super(regex); 27 | this.description = description; 28 | } 29 | 30 | protected RegexSource(RegexSource rs) { 31 | super(rs); 32 | this.description = rs.description; 33 | } 34 | 35 | public Object current() { 36 | return super.get(super.getIndex()); 37 | } 38 | 39 | public String getDescription() { 40 | return this.description; 41 | } 42 | 43 | public void increment() { 44 | super.next(); 45 | } 46 | 47 | public FuzzSource newInstance() { 48 | return new RegexSource(this); 49 | } 50 | 51 | public void reset() { 52 | super.setIndex(0); 53 | } 54 | 55 | } 56 | -------------------------------------------------------------------------------- /izpack/install.xml: -------------------------------------------------------------------------------- 1 | 2 | 6 | 7 | WebScarab 8 | ${project.version} 9 | 1.6 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | The WebScarab application 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | -------------------------------------------------------------------------------- /src/org/owasp/webscarab/plugin/saml/Occurences.java: -------------------------------------------------------------------------------- 1 | /** 2 | * ********************************************************************* 3 | * 4 | * $CVSHeader$ 5 | * 6 | * This 
file is part of WebScarab, an Open Web Application Security Project 7 | * utility. For details, please see http://www.owasp.org/ 8 | * 9 | * Copyright (c) 2012 FedICT 10 | * 11 | * This program is free software; you can redistribute it and/or modify it under 12 | * the terms of the GNU General Public License as published by the Free Software 13 | * Foundation; either version 2 of the License, or (at your option) any later 14 | * version. 15 | * 16 | * This program is distributed in the hope that it will be useful, but WITHOUT 17 | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS 18 | * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more 19 | * details. 20 | * 21 | * You should have received a copy of the GNU General Public License along with 22 | * this program; if not, write to the Free Software Foundation, Inc., 59 Temple 23 | * Place - Suite 330, Boston, MA 02111-1307, USA. 24 | * 25 | * Getting Source ============== 26 | * 27 | * Source for this application is maintained at Sourceforge.net, a repository 28 | * for free software projects. 29 | * 30 | * For details, please see http://www.sourceforge.net/projects/owasp 31 | * 32 | */ 33 | package org.owasp.webscarab.plugin.saml; 34 | 35 | /** 36 | * Enumeration of occurences. 37 | * 38 | * @author Frank Cornelis 39 | */ 40 | public enum Occurences { 41 | 42 | ALL, FIRST, LAST 43 | } 44 | -------------------------------------------------------------------------------- /scripts/multipartify.bsh: -------------------------------------------------------------------------------- 1 | /* 2 | * Multipartify.java - Quick and dirty BeanShell for WebScarab to 3 | * convert urlencoded POST HTTP requests to multipart requests. 
4 | * 5 | * Copyright (C) 2007 Meder Kydyraliev 6 | * 7 | * http://o0o.nu/~meder 8 | * 9 | */ 10 | import org.owasp.webscarab.model.Request; 11 | import org.owasp.webscarab.model.Response; 12 | import org.owasp.webscarab.httpclient.HTTPClient; 13 | import org.owasp.webscarab.model.NamedValue; 14 | import java.io.IOException; 15 | 16 | public Response fetchResponse(HTTPClient nextPlugin, Request request) throws IOException { 17 | 18 | private static final String contentType = "multipart/form-data; boundary=o0oo0oo0oo0oo0oo0oo0o"; 19 | private static final String boundary= "\r\n--o0oo0oo0oo0oo0oo0oo0o"; 20 | private static final String contentDisp= "\r\nContent-Disposition: form-data; name="; 21 | 22 | if (request.getMethod().equals("POST") && request.getContent() != null) { 23 | String body = new String(request.getContent()); 24 | StringBuffer newBody = new StringBuffer(); 25 | NamedValue[] postParams = NamedValue.splitNamedValues(body, "&", "="); 26 | for (int ix=0; ix < postParams.length; ix++) { 27 | newBody.append(boundary + contentDisp + "\"" + postParams[ix].getName() + "\"\r\n\r\n" + postParams[ix].getValue() + " "); 28 | } 29 | newBody.append(boundary + "--\r\n"); 30 | request.setHeader("Content-Type", contentType); 31 | request.setContent(newBody.substring(2).getBytes()); 32 | } 33 | 34 | response = nextPlugin.fetchResponse(request); 35 | 36 | return response; 37 | } 38 | 39 | -------------------------------------------------------------------------------- /src/org/owasp/webscarab/util/swing/TreeUtil.java: -------------------------------------------------------------------------------- 1 | /* 2 | * TreeUtil.java 3 | * 4 | * Created on 11 October 2005, 09:34 5 | * 6 | * To change this template, choose Tools | Options and locate the template under 7 | * the Source Creation and Management node. Right-click the template and choose 8 | * Open. You can then make changes to the template in the Source Editor. 
9 | */ 10 | 11 | package org.owasp.webscarab.util.swing; 12 | 13 | import javax.swing.JTree; 14 | import javax.swing.tree.TreePath; 15 | 16 | /** 17 | * 18 | * @author rdawes 19 | */ 20 | public class TreeUtil { 21 | 22 | /** Creates a new instance of TreeUtil */ 23 | private TreeUtil() { 24 | } 25 | 26 | public static void expandAll(JTree tree, boolean expand) { 27 | // Traverse tree from root 28 | expandAll(tree, new TreePath(tree.getModel().getRoot()), expand); 29 | } 30 | 31 | private static void expandAll(JTree tree, TreePath path, boolean expand) { 32 | Object parent = path.getLastPathComponent(); 33 | int childCount = tree.getModel().getChildCount(parent); 34 | for (int i=0; i 2 | 3 |
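4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | -------------------------------------------------------------------------------- /src/org/owasp/webscarab/util/swing/ProgrammaticConversationColumnDataModel.java: --------------------------------------------------------------------------------
package org.owasp.webscarab.util.swing;

import org.apache.bsf.BSFException;
import org.apache.bsf.BSFManager;
import org.owasp.webscarab.model.ConversationID;
import org.owasp.webscarab.model.FrameworkModel;
import org.owasp.webscarab.model.Request;
import org.owasp.webscarab.model.Response;

/**
 * Column whose cell value is computed by evaluating a script expression once
 * per conversation through a BSF manager.
 *
 * <p>The expression runs as script code with the framework model, the
 * conversation id, the request and the response in scope. A column definition
 * is therefore code, not data: it should come only from a source that is
 * allowed to run scripts inside this process.
 *
 * <p>NOTE(review): the per-call beans are declared on one shared manager, so
 * concurrent {@code getValue} calls would overwrite each other's bindings.
 * Confirm that callers use a single thread.
 */
public class ProgrammaticConversationColumnDataModel extends ColumnDataModel {

    private BSFManager manager = new BSFManager();

    private FrameworkModel model;

    private String name, language, expression;

    /**
     * @param model      framework model, exposed to the script as {@code model}
     * @param name       column name, also passed to the engine as the source name
     * @param language   language name handed to the BSF manager
     * @param expression script expression evaluated for every conversation
     * @throws BSFException if the model bean cannot be declared
     */
    public ProgrammaticConversationColumnDataModel(FrameworkModel model, String name, String language, String expression) throws BSFException {
        super(name, Object.class);
        this.model = model;
        // The field was never assigned before, so eval() received a null source name.
        this.name = name;
        this.language = language;
        this.expression = expression;
        manager.declareBean("model", model, FrameworkModel.class);
    }

    /**
     * Evaluates the expression for one conversation.
     *
     * @param key the conversation to evaluate against
     * @return the evaluation result, or the {@link BSFException} itself when
     *         declaring the beans or evaluating the expression fails
     */
    @Override
    public Object getValue(ConversationID key) {
        try {
            manager.declareBean("id", key, ConversationID.class);
            manager.declareBean("request", model.getRequest(key), Request.class);
            manager.declareBean("response", model.getResponse(key), Response.class);
            return manager.eval(language, name, 0, 0, expression);
        } catch (BSFException bsfe) {
            return bsfe;
        } finally {
            // Run the cleanup on the failure path too, so a failed evaluation does
            // not leave the request and response registered with the manager.
            undeclareQuietly("id");
            undeclareQuietly("request");
            undeclareQuietly("response");
        }
    }

    /** Removes a per-call bean; a failure here must not replace the result. */
    private void undeclareQuietly(String beanName) {
        try {
            manager.undeclareBean(beanName);
        } catch (BSFException ignored) {
            // Cleanup only: the caller has already chosen its return value.
        }
    }

}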
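-------------------------------------------------------------------------------- /src/org/owasp/webscarab/Main.java: --------------------------------------------------------------------------------
package org.owasp.webscarab;

import java.io.File;
import java.io.FilenameFilter;
import java.net.MalformedURLException;
import java.net.URL;
import java.net.URLClassLoader;
import java.util.ArrayList;
import java.util.List;

public class Main {

    /**
     * Launcher: collects plugin jars, puts them on the thread context class
     * loader, then hands over to {@code WebScarab.main}.
     *
     * <p>The plugin directory is the relative path {@code ./plugins/}, so it is
     * resolved against the directory the process was started from. No signature
     * or integrity check on the collected jars is visible in this method, so
     * whoever can write to that directory can add code to the class path.
     * Start the tool from a directory whose {@code plugins} folder is under the
     * operator's control.
     * NOTE(review): the filter in {@code findJars} also accepts directories,
     * which suggests sub-directories are searched as well; the rest of
     * {@code findJars} is not readable on this page.
     *
     * @param args command line arguments, passed through unchanged
     * @throws Exception whatever {@code findJars} or {@code WebScarab.main} throws
     */
    public static void main(String[] args) throws Exception {
        File pluginDir = new File("./plugins/");
        // Typed list: with a raw List, toArray(URL[]) yields Object[] and the
        // assignment to URL[] below does not compile.
        List<URL> urls = new ArrayList<URL>();
        findJars(pluginDir, urls);
        ClassLoader systemLoader = ClassLoader.getSystemClassLoader();
        if (!urls.isEmpty()) {
            URL[] jarUrls = urls.toArray(new URL[0]);
            System.out.println("Creating new ClassLoader");
            // Only the context class loader of the current thread is replaced.
            Thread.currentThread().setContextClassLoader(new URLClassLoader(jarUrls, systemLoader));
        } else {
            System.err.println("No plugins found!");
        }
        WebScarab.main(args);
    }

private static void findJars(File dir, List urls) { 29 | if (!dir.isDirectory()) 30 | return; 31 | FilenameFilter filter = new FilenameFilter() { 32 | public boolean accept(File dir, String name) { 33 | return name.endsWith(".jar") || new File(dir, name).isDirectory(); 34 | } 35 | }; 36 | String[] items = dir.list(filter); 37 | if (items == null) 38 | return; 39 | for (int i=0; i targetWidth && i < formats.length); 52 | setText(text); 53 | } 54 | return this; 55 | } 56 | 57 | } 58 | 59 | -------------------------------------------------------------------------------- /src/org/owasp/webscarab/plugin/proxy/BeanShellUI.java: -------------------------------------------------------------------------------- 1 | /*********************************************************************** 2 | * 3 | * $CVSHeader$ 4 | * 5 | * This file is part of WebScarab, an Open Web Application Security 6 | * Project utility.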
For details, please see http://www.owasp.org/ 7 | * 8 | * Copyright (c) 2002 - 2004 Rogan Dawes 9 | * 10 | * This program is free software; you can redistribute it and/or 11 | * modify it under the terms of the GNU General Public License 12 | * as published by the Free Software Foundation; either version 2 13 | * of the License, or (at your option) any later version. 14 | * 15 | * This program is distributed in the hope that it will be useful, 16 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 17 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 18 | * GNU General Public License for more details. 19 | * 20 | * You should have received a copy of the GNU General Public License 21 | * along with this program; if not, write to the Free Software 22 | * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 23 | * 24 | * Getting Source 25 | * ============== 26 | * 27 | * Source for this application is maintained at Sourceforge.net, a 28 | * repository for free software projects. 29 | * 30 | * For details, please see http://www.sourceforge.net/projects/owasp 31 | * 32 | */ 33 | 34 | /* 35 | * BeanShellUI.java 36 | * 37 | * Created on August 20, 2004, 6:43 PM 38 | */ 39 | 40 | package org.owasp.webscarab.plugin.proxy; 41 | 42 | import java.io.PrintStream; 43 | 44 | /** 45 | * 46 | * @author knoppix 47 | */ 48 | public interface BeanShellUI { 49 | 50 | PrintStream getOut(); 51 | 52 | PrintStream getErr(); 53 | 54 | } 55 | -------------------------------------------------------------------------------- /src/org/owasp/webscarab/plugin/saml/SamlProxyListener.java: -------------------------------------------------------------------------------- 1 | /*********************************************************************** 2 | * 3 | * $CVSHeader$ 4 | * 5 | * This file is part of WebScarab, an Open Web Application Security 6 | * Project utility. 
For details, please see http://www.owasp.org/ 7 | * 8 | * Copyright (c) 2010 FedICT 9 | * Copyright (c) 2010 Frank Cornelis 10 | * 11 | * This program is free software; you can redistribute it and/or 12 | * modify it under the terms of the GNU General Public License 13 | * as published by the Free Software Foundation; either version 2 14 | * of the License, or (at your option) any later version. 15 | * 16 | * This program is distributed in the hope that it will be useful, 17 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 18 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 19 | * GNU General Public License for more details. 20 | * 21 | * You should have received a copy of the GNU General Public License 22 | * along with this program; if not, write to the Free Software 23 | * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 24 | * 25 | * Getting Source 26 | * ============== 27 | * 28 | * Source for this application is maintained at Sourceforge.net, a 29 | * repository for free software projects. 30 | * 31 | * For details, please see http://www.sourceforge.net/projects/owasp 32 | * 33 | */ 34 | 35 | package org.owasp.webscarab.plugin.saml; 36 | 37 | import java.util.EventListener; 38 | import org.owasp.webscarab.model.ConversationID; 39 | 40 | /** 41 | * 42 | * @author Frank Cornelis 43 | */ 44 | public interface SamlProxyListener extends EventListener { 45 | 46 | void replayChanged(ConversationID replayId); 47 | } 48 | -------------------------------------------------------------------------------- /src/org/owasp/webscarab/util/swing/ColumnDataListener.java: -------------------------------------------------------------------------------- 1 | /*********************************************************************** 2 | * 3 | * $CVSHeader$ 4 | * 5 | * This file is part of WebScarab, an Open Web Application Security 6 | * Project utility. 
For details, please see http://www.owasp.org/ 7 | * 8 | * Copyright (c) 2002 - 2004 Rogan Dawes 9 | * 10 | * This program is free software; you can redistribute it and/or 11 | * modify it under the terms of the GNU General Public License 12 | * as published by the Free Software Foundation; either version 2 13 | * of the License, or (at your option) any later version. 14 | * 15 | * This program is distributed in the hope that it will be useful, 16 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 17 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 18 | * GNU General Public License for more details. 19 | * 20 | * You should have received a copy of the GNU General Public License 21 | * along with this program; if not, write to the Free Software 22 | * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 23 | * 24 | * Getting Source 25 | * ============== 26 | * 27 | * Source for this application is maintained at Sourceforge.net, a 28 | * repository for free software projects. 29 | * 30 | * For details, please see http://www.sourceforge.net/projects/owasp 31 | * 32 | */ 33 | 34 | /* 35 | * ColumnDataListener.java 36 | * 37 | * Created on 06 December 2004, 04:54 38 | */ 39 | 40 | package org.owasp.webscarab.util.swing; 41 | 42 | import java.util.EventListener; 43 | 44 | /** 45 | * 46 | * @author rogan 47 | */ 48 | public interface ColumnDataListener extends EventListener { 49 | 50 | public void dataChanged(ColumnDataEvent cde); 51 | 52 | } 53 | -------------------------------------------------------------------------------- /src/org/owasp/webscarab/plugin/openid/OpenIdProxyConfig.java: -------------------------------------------------------------------------------- 1 | /*********************************************************************** 2 | * 3 | * This file is part of WebScarab, an Open Web Application Security 4 | * Project utility. 
For details, please see http://www.owasp.org/ 5 | * 6 | * Copyright (c) 2011 FedICT 7 | * 8 | * This program is free software; you can redistribute it and/or 9 | * modify it under the terms of the GNU General Public License 10 | * as published by the Free Software Foundation; either version 2 11 | * of the License, or (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU General Public License 19 | * along with this program; if not, write to the Free Software 20 | * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 21 | * 22 | */ 23 | 24 | package org.owasp.webscarab.plugin.openid; 25 | 26 | /** 27 | * 28 | * @author Frank Cornelis 29 | */ 30 | public interface OpenIdProxyConfig { 31 | 32 | boolean doSomething(); 33 | 34 | boolean doCorruptSignature(); 35 | 36 | boolean doRemoveSignature(); 37 | 38 | boolean doRemoveRequestedAttribute(); 39 | 40 | boolean doAppendAttribute(); 41 | 42 | String getRemoveAttributeType(); 43 | 44 | String getAppendAttributeType(); 45 | String getAppendAttributeAlias(); 46 | String getAppendAttributeValue(); 47 | 48 | boolean doRemoveRequestAssociationHandle(); 49 | boolean doRemoveResponseAssociationHandle(); 50 | } 51 | -------------------------------------------------------------------------------- /src/org/owasp/webscarab/plugin/ScriptableConversation.java: -------------------------------------------------------------------------------- 1 | /* 2 | * ScriptableConversation.java 3 | * 4 | * Created on 20 June 2005, 09:03 5 | */ 6 | 7 | package org.owasp.webscarab.plugin; 8 | 9 | import org.owasp.webscarab.model.ConversationID; 10 | import org.owasp.webscarab.model.Request; 11 | import 
org.owasp.webscarab.model.Response;

/**
 * Bundles one conversation (id, request, response and origin) with two mutable
 * flags, "cancelled" and "analyse".
 * <p>
 * The request and response are handed out as copies only, so whatever receives
 * this object (presumably a user script, going by the class name) cannot change
 * the stored messages through the getters.
 *
 * @author rogan
 */
public class ScriptableConversation {

    // Assigned once in the constructor and never changed afterwards.
    private final ConversationID _id;
    private final Request _request;
    private final Response _response;
    private final String _origin;

    // The only state a holder of this object can change.
    private boolean _cancelled = false;
    private boolean _analyse = true;

    /**
     * Creates a new instance of ScriptableConversation.
     *
     * @param id       identifier of the conversation
     * @param request  request of the conversation; stored by reference
     * @param response response of the conversation; stored by reference
     * @param origin   origin label of the conversation
     */
    public ScriptableConversation(ConversationID id, Request request, Response response, String origin) {
        this._id = id;
        this._request = request;
        this._response = response;
        this._origin = origin;
    }

    /** @return the conversation id passed to the constructor */
    public ConversationID getId() {
        return this._id;
    }

    /**
     * @return a new {@code Request} built from the stored one (protective copy);
     *         NOTE(review): behaviour for a null stored request depends on the
     *         {@code Request} copy constructor, which is not visible here
     */
    public Request getRequest() {
        Request copy = new Request(this._request);
        return copy;
    }

    /**
     * @return a new {@code Response} built from the stored one (protective copy);
     *         NOTE(review): behaviour for a null stored response depends on the
     *         {@code Response} copy constructor, which is not visible here
     */
    public Response getResponse() {
        Response copy = new Response(this._response);
        return copy;
    }

    /** @return the origin string passed to the constructor */
    public String getOrigin() {
        return this._origin;
    }

    /** @param cancelled new value of the "cancelled" flag (initially false) */
    public void setCancelled(boolean cancelled) {
        this._cancelled = cancelled;
    }

    /** @return the current value of the "cancelled" flag */
    public boolean isCancelled() {
        return this._cancelled;
    }

    /** @param analyse new value of the "analyse" flag (initially true) */
    public void setAnalyse(boolean analyse) {
        this._analyse = analyse;
    }

    /** @return the current value of the "analyse" flag */
    public boolean shouldAnalyse() {
        return this._analyse;
    }

}
--------------------------------------------------------------------------------
/src/org/owasp/webscarab/plugin/spider/SpiderUI.java:
--------------------------------------------------------------------------------
/***********************************************************************
 *
 * $CVSHeader$
 *
 * This file is part of WebScarab, an Open Web Application Security
 * Project utility.
For details, please see http://www.owasp.org/
 *
 * Copyright (c) 2002 - 2004 Rogan Dawes
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 *
 * Getting Source
 * ==============
 *
 * Source for this application is maintained at Sourceforge.net, a
 * repository for free software projects.
 *
 * For details, please see http://www.sourceforge.net/projects/owasp
 *
 */

/*
 * SpiderUI.java
 *
 * Created on July 21, 2004, 3:31 PM
 */

package org.owasp.webscarab.plugin.spider;

import org.owasp.webscarab.plugin.PluginUI;

/**
 * UI callbacks for changes to the spider plugin's link queue.
 *
 * @author knoppix
 */
public interface SpiderUI extends PluginUI {

    /**
     * @param link      the link concerned; presumably the one just added to the queue
     * @param queueSize presumably the queue size after the change - TODO confirm
     */
    void linkQueued(Link link, int queueSize);

    /**
     * @param link      the link concerned; presumably the one just taken off the queue
     * @param queueSize presumably the queue size after the change - TODO confirm
     */
    void linkDequeued(Link link, int queueSize);

}
--------------------------------------------------------------------------------
/src/org/owasp/webscarab/httpclient/HTTPClient.java:
--------------------------------------------------------------------------------
/***********************************************************************
 *
 * $CVSHeader$
 *
 * This file is part of WebScarab, an Open Web Application Security
 * Project utility.
For details, please see http://www.owasp.org/ 7 | * 8 | * Copyright (c) 2002 - 2004 Rogan Dawes 9 | * 10 | * This program is free software; you can redistribute it and/or 11 | * modify it under the terms of the GNU General Public License 12 | * as published by the Free Software Foundation; either version 2 13 | * of the License, or (at your option) any later version. 14 | * 15 | * This program is distributed in the hope that it will be useful, 16 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 17 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 18 | * GNU General Public License for more details. 19 | * 20 | * You should have received a copy of the GNU General Public License 21 | * along with this program; if not, write to the Free Software 22 | * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 23 | * 24 | * Getting Source 25 | * ============== 26 | * 27 | * Source for this application is maintained at Sourceforge.net, a 28 | * repository for free software projects. 
*
 * For details, please see http://www.sourceforge.net/projects/owasp
 *
 */

/*
 * HTTPClient.java
 *
 * Created on August 4, 2003, 9:08 AM
 */

package org.owasp.webscarab.httpclient;

import org.owasp.webscarab.model.Request;
import org.owasp.webscarab.model.Response;
import java.io.IOException;

/**
 * Something that can turn a {@link Request} into a {@link Response}.
 *
 * @author rdawes
 */
public interface HTTPClient {

    /**
     * Obtains the response for the given request.
     *
     * @param request the request to process
     * @return the response; NOTE(review): whether null is a legal result is not
     *         stated anywhere in this file
     * @throws IOException declared for I/O failures; the exact conditions depend
     *         on the implementation
     */
    Response fetchResponse(Request request) throws IOException;

}
--------------------------------------------------------------------------------
/src/org/owasp/webscarab/ui/swing/UrlFilteredConversationModel.java:
--------------------------------------------------------------------------------
/*
 * UrlFilteredConversationModel.java
 *
 * Created on 06 October 2005, 04:03
 *
 * To change this template, choose Tools | Options and locate the template under
 * the Source Creation and Management node. Right-click the template and choose
 * Open. You can then make changes to the template in the Source Editor.
*/

package org.owasp.webscarab.ui.swing;

import org.owasp.webscarab.model.ConversationID;
import org.owasp.webscarab.model.ConversationModel;
import org.owasp.webscarab.model.FilteredConversationModel;
import org.owasp.webscarab.model.FrameworkModel;
import org.owasp.webscarab.model.HttpUrl;

/**
 * Filtered conversation model whose filter is a URL prefix: with a URL set,
 * {@link #shouldFilter(ConversationID)} reports every conversation whose request
 * URL does not start with it.
 *
 * @author rdawes
 */
public class UrlFilteredConversationModel extends FilteredConversationModel {

    private ConversationModel _model;
    private HttpUrl _url = null;

    /**
     * Creates a new instance of UrlFilteredConversationModel.
     *
     * @param model  passed through to the superclass
     * @param cmodel passed through to the superclass and kept for URL lookups
     */
    public UrlFilteredConversationModel(FrameworkModel model, ConversationModel cmodel) {
        super(model, cmodel);
        _model = cmodel;
    }

    /**
     * Sets the prefix URL and calls {@code updateConversations()} (not defined in
     * this class) when the value actually changes.
     *
     * @param url the new prefix, or null to stop filtering by URL
     */
    public void setUrl(HttpUrl url) {
        // Same reference (including null to null): nothing to do.
        if (url == _url) {
            return;
        }
        // equals() is consulted only when both sides are non-null.
        boolean bothPresent = _url != null && url != null;
        if (bothPresent && _url.equals(url)) {
            return;
        }
        _url = url;
        updateConversations();
    }

    /**
     * @param id the conversation to test
     * @return false when no URL is set; otherwise true when the conversation's
     *         request URL, as a string, does not begin with the configured URL's
     *         string form
     */
    public boolean shouldFilter(ConversationID id) {
        if (_url == null) {
            return false;
        }
        // NOTE(review): this is a plain string-prefix test, so a configured URL
        // without a trailing slash also matches sibling paths that merely share
        // the prefix. Confirm that this is the intended scope.
        String prefix = _url.toString();
        String candidate = _model.getRequestUrl(id).toString();
        boolean inScope = candidate.startsWith(prefix);
        return !inScope;
    }

}
--------------------------------------------------------------------------------
/src/org/owasp/webscarab/plugin/saml/SamlSignatureException.java:
--------------------------------------------------------------------------------
/***********************************************************************
 *
 * $CVSHeader$
 *
 * This file is part of WebScarab, an Open Web Application Security
 * Project utility.
For details, please see http://www.owasp.org/
 *
 * Copyright (c) 2010 FedICT
 * Copyright (c) 2010 Frank Cornelis
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 *
 * Getting Source
 * ==============
 *
 * Source for this application is maintained at Sourceforge.net, a
 * repository for free software projects.
 *
 * For details, please see http://www.sourceforge.net/projects/owasp
 *
 */

package org.owasp.webscarab.plugin.saml;

/**
 * Checked exception of the SAML plugin package for signature-related failures.
 * <p>
 * NOTE(review): the code that throws it is not part of this file, so the exact
 * failure conditions should be read from the throwing code.
 *
 * @author Frank Cornelis
 */
public class SamlSignatureException extends Exception {

    /**
     * @param message description of the failure
     * @param cause   underlying exception, kept as the cause
     */
    public SamlSignatureException(String message, Throwable cause) {
        super(message, cause);
    }

    /**
     * @param message description of the failure
     */
    public SamlSignatureException(String message) {
        super(message);
    }
}
--------------------------------------------------------------------------------
/src/org/owasp/webscarab/ui/swing/editors/ImagePanel.form:
--------------------------------------------------------------------------------
4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | -------------------------------------------------------------------------------- /src/org/owasp/webscarab/plugin/proxy/ManualEditUI.java: -------------------------------------------------------------------------------- 1 | /*********************************************************************** 2 | * 3 | * $CVSHeader$ 4 | * 5 | * This file is part of WebScarab, an Open Web Application Security 6 | * Project utility. For details, please see http://www.owasp.org/ 7 | * 8 | * Copyright (c) 2002 - 2004 Rogan Dawes 9 | * 10 | * This program is free software; you can redistribute it and/or 11 | * modify it under the terms of the GNU General Public License 12 | * as published by the Free Software Foundation; either version 2 13 | * of the License, or (at your option) any later version. 14 | * 15 | * This program is distributed in the hope that it will be useful, 16 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 17 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 18 | * GNU General Public License for more details. 19 | * 20 | * You should have received a copy of the GNU General Public License 21 | * along with this program; if not, write to the Free Software 22 | * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 23 | * 24 | * Getting Source 25 | * ============== 26 | * 27 | * Source for this application is maintained at Sourceforge.net, a 28 | * repository for free software projects. 
*
 * For details, please see http://www.sourceforge.net/projects/owasp
 *
 */

/*
 * ManualEditUI.java
 *
 * Created on August 9, 2004, 3:03 PM
 */

package org.owasp.webscarab.plugin.proxy;

import org.owasp.webscarab.model.Request;
import org.owasp.webscarab.model.Response;

/**
 * UI hook through which a request or a response can be edited by hand.
 *
 * @author knoppix
 */
public interface ManualEditUI {

    /**
     * @param request the request offered for editing
     * @return presumably the request to use afterwards; NOTE(review): what a null
     *         result means is not stated in this file
     */
    Request editRequest(Request request);

    /**
     * @param request  the request that the response belongs to
     * @param response the response offered for editing
     * @return presumably the response to use afterwards; NOTE(review): what a null
     *         result means is not stated in this file
     */
    Response editResponse(Request request, Response response);

}
--------------------------------------------------------------------------------
/src/org/owasp/webscarab/plugin/sessionid/Calculator.java:
--------------------------------------------------------------------------------
/***********************************************************************
 *
 * $CVSHeader$
 *
 * This file is part of WebScarab, an Open Web Application Security
 * Project utility. For details, please see http://www.owasp.org/
 *
 * Copyright (c) 2002 - 2004 Rogan Dawes
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*
 * Getting Source
 * ==============
 *
 * Source for this application is maintained at Sourceforge.net, a
 * repository for free software projects.
 *
 * For details, please see http://www.sourceforge.net/projects/owasp
 *
 */

/*
 * Calculator.java
 *
 * Created on August 9, 2004, 8:10 PM
 */

package org.owasp.webscarab.plugin.sessionid;

import java.math.BigInteger;

/**
 * Maps {@code SessionID}s to {@link BigInteger} values and reports a minimum and a
 * maximum.
 * <p>
 * NOTE(review): the interface is undocumented in the original; the per-method
 * notes below are inferred from names and signatures only.
 *
 * @author knoppix
 */
public interface Calculator {

    /** Presumably discards everything learned from earlier {@link #add} calls - TODO confirm. */
    void reset();

    /**
     * @param id a session id to take into account
     * @return NOTE(review): the meaning of the boolean is not stated in this file
     */
    boolean add(SessionID id);

    /**
     * @param id the session id to evaluate
     * @return the numeric value computed for {@code id}
     */
    BigInteger calculate(SessionID id);

    /** @return presumably the smallest value seen or possible - TODO confirm which */
    BigInteger min();

    /** @return presumably the largest value seen or possible - TODO confirm which */
    BigInteger max();

}
--------------------------------------------------------------------------------
/src/org/owasp/webscarab/ui/swing/editors/ByteArrayEditor.java:
--------------------------------------------------------------------------------
/***********************************************************************
 *
 * $CVSHeader$
 *
 * This file is part of WebScarab, an Open Web Application Security
 * Project utility. For details, please see http://www.owasp.org/
 *
 * Copyright (c) 2002 - 2004 Rogan Dawes
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
*
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 *
 * Getting Source
 * ==============
 *
 * Source for this application is maintained at Sourceforge.net, a
 * repository for free software projects.
 *
 * For details, please see http://www.sourceforge.net/projects/owasp
 *
 */

/*
 * ByteViewer.java
 *
 * Created on November 4, 2003, 6:09 PM
 */

package org.owasp.webscarab.ui.swing.editors;

/**
 * Editor or viewer for a byte array that carries a content type.
 * <p>
 * NOTE(review): the file comment above still names this file "ByteViewer.java".
 *
 * @author rdawes
 */
public interface ByteArrayEditor {

    /** @return the name of this editor (presumably a display name - TODO confirm) */
    String getName();

    /** @param editable whether the content may be changed through this editor */
    void setEditable(boolean editable);

    /**
     * @param contentType content type describing {@code bytes}
     * @param bytes       the content to show; NOTE(review): whether null is
     *                    accepted is not stated in this file
     */
    void setBytes(String contentType, byte[] bytes);

    /** @return presumably true when the content was changed since {@link #setBytes} - TODO confirm */
    boolean isModified();

    /** @return the content held by the editor */
    byte[] getBytes();

}
--------------------------------------------------------------------------------
/src/org/owasp/webscarab/plugin/manualrequest/ManualRequestUI.java:
--------------------------------------------------------------------------------
/***********************************************************************
 *
 * $CVSHeader$
 *
 * This file is part of WebScarab, an Open Web Application Security
 * Project utility. For details, please see http://www.owasp.org/
 *
 * Copyright (c) 2002 - 2004 Rogan Dawes
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 *
 * Getting Source
 * ==============
 *
 * Source for this application is maintained at Sourceforge.net, a
 * repository for free software projects.
 *
 * For details, please see http://www.sourceforge.net/projects/owasp
 *
 */

/*
 * ManualRequestUI.java
 *
 * Created on August 8, 2004, 9:51 PM
 */

package org.owasp.webscarab.plugin.manualrequest;

import org.owasp.webscarab.model.Request;
import org.owasp.webscarab.model.Response;

import org.owasp.webscarab.plugin.PluginUI;

/**
 * UI callbacks of the manual request plugin.
 *
 * @author knoppix
 */
public interface ManualRequestUI extends PluginUI {

    /** @param request the request now current in the plugin (inferred from the name - TODO confirm) */
    void requestChanged(Request request);

    /** @param response the response now current in the plugin (inferred from the name - TODO confirm) */
    void responseChanged(Response response);

}
--------------------------------------------------------------------------------
/src/org/owasp/webscarab/plugin/sessionid/SessionIDAnalysisUI.java:
--------------------------------------------------------------------------------
/***********************************************************************
 *
 * $CVSHeader$
 *
 * This file is part of WebScarab, an Open Web Application Security
 * Project utility. For details, please see http://www.owasp.org/
 *
 * Copyright (c) 2002 - 2004 Rogan Dawes
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
*
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 *
 * Getting Source
 * ==============
 *
 * Source for this application is maintained at Sourceforge.net, a
 * repository for free software projects.
 *
 * For details, please see http://www.sourceforge.net/projects/owasp
 *
 */

/*
 * SessionIDListener.java
 *
 * Created on August 9, 2004, 8:13 PM
 */

package org.owasp.webscarab.plugin.sessionid;

import org.owasp.webscarab.plugin.PluginUI;

/**
 * UI callbacks of the session id analysis plugin.
 * <p>
 * NOTE(review): the file comment above still names this file
 * "SessionIDListener.java".
 *
 * @author knoppix
 */
public interface SessionIDAnalysisUI extends PluginUI {

    /** @param enabled whether the UI should be enabled */
    void setEnabled(boolean enabled);

    /**
     * @param key   name under which the session id was recorded
     * @param index presumably the position of the new id within that name's list - TODO confirm
     */
    void sessionIDAdded(String key, int index);

    /** Signals a change to the recorded session ids that is not tied to a single entry. */
    void sessionIDsChanged();

    /** @param key name whose calculator changed (inferred from the method name - TODO confirm) */
    void calculatorChanged(String key);

}
--------------------------------------------------------------------------------
/doc/certificates.html:
--------------------------------------------------------------------------------
WebScarab certificates

Creating your own certificates


WebScarab reads certificates stored in the PKCS12 format, which can be created or converted to by tools such as OpenSSL. PKCS12 is also one of the formats that Internet Explorer, Mozilla/Navigator, etc. can import and export.


Since the PKCS12 format requires a password, WebScarab uses a password of "password" (without the quotes). This password is hard-coded into the source of WebScarab.


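Note that this is not an important password, so there is no point in changing it! Because it is hard-coded in the published source, it does not keep the private key inside the distributed server.p12 secret: everyone who has WebScarab has that same key, so a browser configured to trust the stock certificate is trusting a key that is publicly available.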


If you decide you want to create your own certificates, for whatever reason, here are some instructions for doing so using OpenSSL:


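First create the private key (the 1024-bit size shown is the original example; it is below the 2048-bit minimum that current guidance and the default settings of many TLS libraries require, so use a larger size if the certificate is refused):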

19 |   openssl genrsa 1024 > server.key

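Then create the corresponding self-signed certificate (the "-sha1" option selects a SHA-1 signature, which current clients may refuse; "-sha256" is the present-day equivalent):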

23 |   openssl req -new -x509 -nodes -sha1 -days 3650 -key server.key > server.crt

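Finally, wrap both the key and the certificate into a PKCS12 formatted file (when OpenSSL prompts for an export password, enter "password", since that is the value WebScarab is hard-coded to use):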

27 |   openssl pkcs12 -export -out server.p12 -in server.crt -inkey server.key -name "WebScarab"

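Place the resulting "server.p12" file in the root of the webscarab installation directory, in place of the existing server.p12 file. Both server.key (written unencrypted by the first command) and server.p12 (protected only by the well-known password) contain the private key, so keep them readable only by the account that runs WebScarab.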


Initial support for client certificates exists now, so you should be able to do similar operations for the client certificate and keys, calling the file "client.p12".


NOTE that WebScarab looks for the certificate and key files IN the webscarab.jar, so you will have to rebuild the jar file with your updated certificate files, otherwise they will not be used!

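--------------------------------------------------------------------------------
/src/org/owasp/webscarab/httpclient/ClientTrustManager.java:
--------------------------------------------------------------------------------
package org.owasp.webscarab.httpclient;

import java.net.Socket;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.X509ExtendedTrustManager;
import javax.net.ssl.X509TrustManager;

/**
 * A trust manager implementation that assumes that the world is not evil, that
 * no government is spying on you: it simply accepts all certificates regardless
 * of the contents of the certificate (algorithm, CN, ...).
 * <p>
 * None of the {@code check*Trusted} methods looks at the chain, the auth type,
 * the socket or the engine, so a connection that uses this class gets no
 * signature, validity-period, issuer or host-name check. An intercepting proxy
 * needs that in order to reach servers with self-signed or otherwise untrusted
 * certificates, but it also means that the identity of the upstream server is
 * never verified: anything WebScarab sends upstream (credentials, cookies) goes
 * to whoever answers the connection. The class is therefore suitable only for a
 * testing proxy and must not be reused where server authentication matters.
 */
public class ClientTrustManager extends X509ExtendedTrustManager
        implements X509TrustManager {

    /** Shared empty result for {@link #getAcceptedIssuers()}; a zero-length array is immutable. */
    private static final X509Certificate[] NO_ISSUERS = new X509Certificate[0];

    /** Accepts any client chain; no check is performed. */
    @Override
    public void checkClientTrusted(X509Certificate[] xcs, String string)
            throws CertificateException {
        // trust all certificates
    }

    /** Accepts any server chain; no check is performed. */
    @Override
    public void checkServerTrusted(X509Certificate[] xcs, String string)
            throws CertificateException {
        // trust all certificates
    }

    /**
     * Returns the list of acceptable issuers, which is empty for this class.
     * <p>
     * The {@link X509TrustManager} contract asks for a non-null, possibly empty
     * array. The previous {@code null} result can cause a
     * {@code NullPointerException} in callers that iterate over it.
     *
     * @return an empty, non-null array
     */
    @Override
    public X509Certificate[] getAcceptedIssuers() {
        return NO_ISSUERS;
    }

    /** Accepts any client chain; the socket is ignored, so no endpoint check takes place. */
    @Override
    public void checkClientTrusted(X509Certificate[] xcs, String string,
            Socket socket) throws CertificateException {
        // trust any client-supplied certificate
    }

    /** Accepts any server chain; the socket is ignored, so no host-name check takes place. */
    @Override
    public void checkServerTrusted(X509Certificate[] xcs, String string,
            Socket socket) throws CertificateException {
        // trust all
    }

    /** Accepts any client chain; the engine is ignored, so no endpoint check takes place. */
    @Override
    public void checkClientTrusted(X509Certificate[] xcs, String string,
            SSLEngine ssle) throws CertificateException {
        // trust all
    }

    /** Accepts any server chain; the engine is ignored, so no host-name check takes place. */
    @Override
    public void checkServerTrusted(X509Certificate[] xcs, String string,
            SSLEngine ssle) throws CertificateException {
        // trust all
    }
}
--------------------------------------------------------------------------------
/src/org/owasp/webscarab/plugin/openid/AXFetchRequestAttribute.java:
--------------------------------------------------------------------------------
/***********************************************************************
 *
 * This file is part of WebScarab, an Open Web Application Security
 * Project utility. For details, please see http://www.owasp.org/
 *
 * Copyright (c) 2011 FedICT
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.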
*
 */
package org.owasp.webscarab.plugin.openid;

/**
 * Immutable description of one attribute of a fetch request: its type, its alias
 * and two independent flags, "required" and "optional".
 * <p>
 * Going by the class and package names, this models an entry of an OpenID
 * Attribute Exchange (AX) fetch request. The constructor stores the two flags
 * as given and does not check that exactly one of them is set.
 *
 * @author Frank Cornelis
 */
public class AXFetchRequestAttribute {

    private final String attributeType;
    private final String alias;
    private final boolean required;
    private final boolean optional;

    /**
     * @param attributeType type of the attribute
     * @param alias         alias of the attribute
     * @param required      value later returned by {@link #isRequired()}
     * @param optional      value later returned by {@link #isOptional()}
     */
    public AXFetchRequestAttribute(String attributeType, String alias, boolean required, boolean optional) {
        this.required = required;
        this.optional = optional;
        this.attributeType = attributeType;
        this.alias = alias;
    }

    /** @return the attribute type given at construction */
    public String getAttributeType() {
        return attributeType;
    }

    /** @return the alias given at construction */
    public String getAlias() {
        return alias;
    }

    /** @return the "required" flag given at construction */
    public boolean isRequired() {
        return required;
    }

    /** @return the "optional" flag given at construction */
    public boolean isOptional() {
        return optional;
    }
}
--------------------------------------------------------------------------------
/src/org/owasp/webscarab/plugin/proxy/ProxyPlugin.java:
--------------------------------------------------------------------------------
/***********************************************************************
 *
 * $CVSHeader$
 *
 * This file is part of WebScarab, an Open Web Application Security
 * Project utility. For details, please see http://www.owasp.org/
 *
 * Copyright (c) 2002 - 2004 Rogan Dawes
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
*
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 *
 * Getting Source
 * ==============
 *
 * Source for this application is maintained at Sourceforge.net, a
 * repository for free software projects.
 *
 * For details, please see http://www.sourceforge.net/projects/owasp
 *
 */

/*
 * ProxyPlugin.java
 *
 * Created on July 10, 2003, 12:41 PM
 */

package org.owasp.webscarab.plugin.proxy;

import org.owasp.webscarab.httpclient.HTTPClient;

/**
 * Base class for proxy plugins: a plugin names itself and supplies an
 * {@link HTTPClient} built from the one it is given.
 *
 * @author rdawes
 */
public abstract class ProxyPlugin {

    /**
     * Does nothing in this base class; subclasses may override.
     *
     * @param type    NOTE(review): meaning not stated in this file
     * @param store   NOTE(review): meaning not stated in this file
     * @param session NOTE(review): meaning not stated in this file
     */
    public void setSession(String type, Object store, String session) {
    }

    /** Does nothing in this base class; subclasses may override. */
    public void flush() {
    }

    /** The plugin name
     * @return The name of the plugin
     */
    public abstract String getPluginName();

    /**
     * @param in the client handed to the plugin
     * @return the client to use in its place; presumably a wrapper that delegates
     *         to {@code in} so the plugin sees the traffic - TODO confirm against
     *         the subclasses
     */
    public abstract HTTPClient getProxyPlugin(HTTPClient in);

}
--------------------------------------------------------------------------------
/src/org/owasp/webscarab/parser/ContentParser.java:
--------------------------------------------------------------------------------
/***********************************************************************
 *
 * $CVSHeader$
 *
 * This file is part of WebScarab, an Open Web Application Security
 * Project utility. For details, please see http://www.owasp.org/
 *
 * Copyright (c) 2002 - 2004 Rogan Dawes
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
*
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 *
 * Getting Source
 * ==============
 *
 * Source for this application is maintained at Sourceforge.net, a
 * repository for free software projects.
 *
 * For details, please see http://www.sourceforge.net/projects/owasp
 *
 */

/*
 * ContentParser.java
 *
 * Created on June 24, 2004, 11:42 PM
 */

package org.owasp.webscarab.parser;

import org.owasp.webscarab.model.Message;
import org.owasp.webscarab.model.HttpUrl;

/**
 * The methods required by a class that can parse the content of a message
 * @author knoppix
 */
public interface ContentParser {


    /**
     * parses the body of the message, and returns a parsed representation
     * @param url the URL that goes with the message; presumably the URL it was
     *            exchanged with - TODO confirm
     * @param message the Message to parse
     * @return the parsed representation of the message body; NOTE(review): the
     *         concrete type, and whether null is returned for content the parser
     *         does not handle, are not stated in this file
     */
    Object parseMessage(HttpUrl url, Message message);

}
--------------------------------------------------------------------------------
/src/org/owasp/webscarab/plugin/sessionid/SessionIDStore.java:
--------------------------------------------------------------------------------
/***********************************************************************
 *
 * $CVSHeader$
 *
 * This file is part of WebScarab, an Open Web Application Security
 * Project utility.
For details, please see http://www.owasp.org/ 7 | * 8 | * Copyright (c) 2002 - 2004 Rogan Dawes 9 | * 10 | * This program is free software; you can redistribute it and/or 11 | * modify it under the terms of the GNU General Public License 12 | * as published by the Free Software Foundation; either version 2 13 | * of the License, or (at your option) any later version. 14 | * 15 | * This program is distributed in the hope that it will be useful, 16 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 17 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 18 | * GNU General Public License for more details. 19 | * 20 | * You should have received a copy of the GNU General Public License 21 | * along with this program; if not, write to the Free Software 22 | * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 23 | * 24 | * Getting Source 25 | * ============== 26 | * 27 | * Source for this application is maintained at Sourceforge.net, a 28 | * repository for free software projects. 
*
 * For details, please see http://www.sourceforge.net/projects/owasp
 *
 */

/*
 * SpiderStore.java
 *
 * Created on August 23, 2003, 2:55 PM
 */

package org.owasp.webscarab.plugin.sessionid;

import org.owasp.webscarab.model.StoreException;

/**
 * Storage of {@code SessionID}s grouped under string keys.
 * <p>
 * NOTE(review): the file comment above still names this file "SpiderStore.java".
 * Stored session ids are presumably live credentials of the application under
 * test, so whatever an implementation writes out on {@link #flush()} should be
 * protected accordingly (assumption - confirm what implementations persist).
 *
 * @author rdawes
 */
public interface SessionIDStore {

    /**
     * @param key name under which the id is recorded
     * @param id  the session id to record
     * @return presumably the index at which the id was stored - TODO confirm
     */
    int addSessionID(String key, SessionID id);

    /** @param key name whose recorded ids are to be removed */
    void clearSessionIDs(String key);

    /** @return the number of names (keys) known to the store */
    int getSessionIDNameCount();

    /**
     * @param index position of the name, presumably in {@code [0, getSessionIDNameCount())}
     * @return the name at that position
     */
    String getSessionIDName(int index);

    /**
     * @param key name to look up
     * @return the number of ids recorded under {@code key}
     */
    int getSessionIDCount(String key);

    /**
     * @param key   name to look up
     * @param index position of the id, presumably in {@code [0, getSessionIDCount(key))}
     * @return the id at that position
     */
    SessionID getSessionIDAt(String key, int index);

    /**
     * @throws StoreException declared for storage failures; the exact conditions
     *         depend on the implementation
     */
    void flush() throws StoreException;

}
--------------------------------------------------------------------------------
/src/org/owasp/webscarab/util/swing/ColumnDataEvent.java:
--------------------------------------------------------------------------------
/***********************************************************************
 *
 * $CVSHeader$
 *
 * This file is part of WebScarab, an Open Web Application Security
 * Project utility. For details, please see http://www.owasp.org/
 *
 * Copyright (c) 2002 - 2004 Rogan Dawes
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
19 | * 20 | * You should have received a copy of the GNU General Public License 21 | * along with this program; if not, write to the Free Software 22 | * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 23 | * 24 | * Getting Source 25 | * ============== 26 | * 27 | * Source for this application is maintained at Sourceforge.net, a 28 | * repository for free software projects. 29 | * 30 | * For details, please see http://www.sourceforge.net/projects/owasp 31 | * 32 | */ 33 | 34 | /* 35 | * ColumnDataEvent.java 36 | * 37 | * Created on 06 December 2004, 05:23 38 | */ 39 | 40 | package org.owasp.webscarab.util.swing; 41 | 42 | import java.util.EventObject; 43 | 44 | /** 45 | * Event that carries a key of type T in addition to the event source. 46 | * @author rogan 47 | */ 48 | public class ColumnDataEvent extends EventObject { 49 | 50 | /** 51 | * 52 | */ 53 | private static final long serialVersionUID = 6956119410115383747L; 54 | private T _key; 55 | 56 | /** Creates a new instance of ColumnDataEvent for the given source and key. */ 57 | public ColumnDataEvent(Object source, T key) { 58 | super(source); 59 | _key = key; 60 | } 61 | 62 | public T getKey() { 63 | return _key; 64 | } 65 | 66 | } 67 | -------------------------------------------------------------------------------- /src/org/owasp/webscarab/plugin/identity/CookieTokenParser.java: -------------------------------------------------------------------------------- 1 | package org.owasp.webscarab.plugin.identity; 2 | 3 | import java.util.Date; 4 | import java.util.LinkedList; 5 | import java.util.List; 6 | 7 | import org.owasp.webscarab.model.Cookie; 8 | import org.owasp.webscarab.model.NamedValue; 9 | import org.owasp.webscarab.model.Request; 10 | import org.owasp.webscarab.model.Response; 11 | /** TokenParser that returns the cookies carried by a request or a response as name/value tokens. */ 12 | public class CookieTokenParser implements TokenParser { 13 | 14 | private String[] requestHeaders = new String[] { "Cookie", "Cookie2" }, 15 | responseHeaders = new String[] { "Set-Cookie", "Set-Cookie2" }; 16 | /** Collects the name/value pairs of every Cookie and Cookie2 request header, handing each header value to NamedValue.splitNamedValues with a semicolon-plus-whitespace pair separator and "=" as the name/value separator. Returns null, not an empty list, when no token was found. */ 17 | @Override 18 | public List getTokens(Request request) { 19 | List 
tokens = new LinkedList(); 20 | for (String headerName : requestHeaders) { 21 | String[] headers = request.getHeaders(headerName); 22 | if (headers == null) 23 | continue; 24 | for (String header : headers) { 25 | NamedValue[] cookies = NamedValue.splitNamedValues(header, 26 | ";\\s*", "="); 27 | if (cookies != null) 28 | for (NamedValue cookie : cookies) 29 | tokens.add(cookie); 30 | } 31 | } 32 | return tokens.size() == 0 ? null : tokens; 33 | } 34 | /** Builds a Cookie (with a null date) from every Set-Cookie and Set-Cookie2 response header and returns only its name and value as a NamedValue; no other part of the cookie is copied into the token. Returns null, not an empty list, when no such header is present. */ 35 | @Override 36 | public List getTokens(Response response) { 37 | Date date = null; 38 | 39 | // date is not strictly required if all we are doing is getting the 40 | // cookie value 41 | 42 | // String dateHeader = response.getHeader("Date"); 43 | // if (dateHeader != null) 44 | // try { 45 | // date = RFC2822.parseDate(response.getHeader("Date")); 46 | // } catch (ParseException e) { 47 | // } 48 | 49 | List tokens = new LinkedList(); 50 | for (String headerName : responseHeaders) { 51 | String[] headers = response.getHeaders(headerName); 52 | if (headers == null) 53 | continue; 54 | for (String header : headers) { 55 | Cookie cookie = new Cookie(date, header); 56 | tokens.add(new NamedValue(cookie.getName(), cookie.getValue())); 57 | } 58 | } 59 | return tokens.size() == 0 ? null : tokens; 60 | } 61 | 62 | } 63 | -------------------------------------------------------------------------------- /INSTALL: -------------------------------------------------------------------------------- 1 | /* 2 | * $Source: /cvsroot/owasp/webscarab/INSTALL,v $ 3 | * Copyright (c) 2002 owasp.org. 4 | * This file is part of WebScarab. 5 | * WebScarab is free software; you can redistribute it and/or modify 6 | * it under the terms of the GNU General Public License as published by 7 | * the Free Software Foundation; either version 2 of the License, or 8 | * (at your option) any later version. 
9 | * 10 | * WebScarab is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | * GNU General Public License for more details. 14 | * 15 | * The valid license text for this file can be retrieved with 16 | * the call: java -cp owasp.jar org.owasp.webscarab.LICENSE 17 | * 18 | * If you are not able to view the LICENSE that way, which should 19 | * always be possible within a valid and working WebScarab release, 20 | * please write to the Free Software Foundation, Inc., 21 | * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 22 | */ 23 | 24 | This is the WebScarab OpenSource project, hosted at 25 | http://www.owasp.org/webscarab. 26 | All source code and development stuff is done under 27 | http://sourceforge.net/projects/owasp 28 | 29 | Prior to building WebScarab, you should download the various 30 | libraries that it depends on. You can see the list in the ant build.xml 31 | file, in this directory. If you got this file by checking out the source 32 | from the WebScarab CVS repository, you should have the required libraries 33 | already. 34 | 35 | WebScarab uses the Apache Ant build tool. In order to build WebScarab, you 36 | should use a reasonably recent version of Ant. 37 | 38 | There are two Ant build tasks that depend on external tools, IzPack and 39 | ProGuard. You are only likely to need these tools if you plan to build 40 | redistributable images of WebScarab. i.e. an installer, or the self-contained 41 | jar. There should be no problem running the common build tasks if you do not 42 | have these external tools. 43 | 44 | // end of $Source: /cvsroot/owasp/webscarab/INSTALL,v $ 45 | -------------------------------------------------------------------------------- /src/org/owasp/webscarab/ui/swing/editors/HTMLPanel.form: -------------------------------------------------------------------------------- 1 | 2 | 3 |
4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | -------------------------------------------------------------------------------- /src/org/owasp/webscarab/plugin/fragments/FragmentsStore.java: -------------------------------------------------------------------------------- 1 | /*********************************************************************** 2 | * 3 | * $CVSHeader$ 4 | * 5 | * This file is part of WebScarab, an Open Web Application Security 6 | * Project utility. For details, please see http://www.owasp.org/ 7 | * 8 | * Copyright (c) 2002 - 2004 Rogan Dawes 9 | * 10 | * This program is free software; you can redistribute it and/or 11 | * modify it under the terms of the GNU General Public License 12 | * as published by the Free Software Foundation; either version 2 13 | * of the License, or (at your option) any later version. 14 | * 15 | * This program is distributed in the hope that it will be useful, 16 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 17 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 18 | * GNU General Public License for more details. 19 | * 20 | * You should have received a copy of the GNU General Public License 21 | * along with this program; if not, write to the Free Software 22 | * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 23 | * 24 | * Getting Source 25 | * ============== 26 | * 27 | * Source for this application is maintained at Sourceforge.net, a 28 | * repository for free software projects. 
29 | * 30 | * For details, please see http://www.sourceforge.net/projects/owasp 31 | * 32 | */ 33 | 34 | /* 35 | * FragmentsStore.java 36 | * 37 | * Created on August 25, 2004, 11:21 PM 38 | */ 39 | 40 | package org.owasp.webscarab.plugin.fragments; 41 | 42 | import org.owasp.webscarab.model.StoreException; 43 | 44 | /** 45 | * 46 | * @author knoppix 47 | */ 48 | public interface FragmentsStore { 49 | 50 | int getFragmentTypeCount(); 51 | 52 | String getFragmentType(int index); 53 | 54 | int getFragmentCount(String type); 55 | 56 | String getFragmentKeyAt(String type, int position); 57 | 58 | int indexOfFragment(String type, String key); 59 | 60 | int putFragment(String type, String key, String fragment); 61 | 62 | String getFragment(String key); 63 | 64 | void flush() throws StoreException; 65 | 66 | } 67 | -------------------------------------------------------------------------------- /src/org/owasp/webscarab/plugin/spider/Link.java: -------------------------------------------------------------------------------- 1 | /*********************************************************************** 2 | * 3 | * $CVSHeader$ 4 | * 5 | * This file is part of WebScarab, an Open Web Application Security 6 | * Project utility. For details, please see http://www.owasp.org/ 7 | * 8 | * Copyright (c) 2002 - 2004 Rogan Dawes 9 | * 10 | * This program is free software; you can redistribute it and/or 11 | * modify it under the terms of the GNU General Public License 12 | * as published by the Free Software Foundation; either version 2 13 | * of the License, or (at your option) any later version. 14 | * 15 | * This program is distributed in the hope that it will be useful, 16 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 17 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 18 | * GNU General Public License for more details. 
19 | * 20 | * You should have received a copy of the GNU General Public License 21 | * along with this program; if not, write to the Free Software 22 | * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 23 | * 24 | * Getting Source 25 | * ============== 26 | * 27 | * Source for this application is maintained at Sourceforge.net, a 28 | * repository for free software projects. 29 | * 30 | * For details, please see http://www.sourceforge.net/projects/owasp 31 | * 32 | */ 33 | 34 | /* 35 | * Link.java 36 | * 37 | * Created on August 7, 2003, 10:28 PM 38 | */ 39 | 40 | package org.owasp.webscarab.plugin.spider; 41 | 42 | import org.owasp.webscarab.model.HttpUrl; 43 | 44 | /** 45 | * 46 | * @author rdawes 47 | */ 48 | public class Link { 49 | 50 | private HttpUrl _url; 51 | private String _referer; 52 | 53 | /** Creates a new instance of Link */ 54 | public Link(HttpUrl url, String referer) { 55 | _url = url; 56 | _referer = referer; 57 | } 58 | 59 | public HttpUrl getURL() { 60 | return _url; 61 | } 62 | 63 | public String getReferer() { 64 | return _referer; 65 | } 66 | 67 | public String toString() { 68 | return _url.toString() + " via " + _referer; 69 | } 70 | } 71 | -------------------------------------------------------------------------------- /src/org/owasp/webscarab/model/NamedValue.java: -------------------------------------------------------------------------------- 1 | /* 2 | * NamedValue.java 3 | * 4 | * Created on 19 December 2004, 08:58 5 | */ 6 | 7 | package org.owasp.webscarab.model; 8 | 9 | import java.util.logging.Logger; 10 | import java.util.logging.Level; 11 | 12 | /** 13 | * 14 | * @author rogan 15 | */ 16 | public class NamedValue { 17 | 18 | private String _name; 19 | private String _value; 20 | 21 | private static Logger _logger = Logger.getLogger("org.owasp.webscarab.model.NamedValue"); 22 | 23 | { 24 | _logger.setLevel(Level.INFO); 25 | } 26 | 27 | /** Creates a new instance of NamedValue */ 28 | public 
NamedValue(String name, String value) { 29 | _name = name; 30 | _value = value; 31 | } 32 | 33 | public String getName() { 34 | return _name; 35 | } 36 | 37 | public String getValue() { 38 | return _value; 39 | } 40 | 41 | public String toString() { 42 | return _name + "='" + _value + "'"; 43 | } 44 | 45 | public static NamedValue[] splitNamedValues(String source, String pairSeparator, String nvSeparator) { 46 | try { 47 | if (source == null || "".equals(source)) return new NamedValue[0]; 48 | String[] pairs = source.split(pairSeparator); 49 | _logger.fine("Split \""+ source + "\" into " + pairs.length); 50 | NamedValue[] values = new NamedValue[pairs.length]; 51 | for (int i=0; i[] getUrlColumns(); 61 | 62 | Action[] getConversationActions(); 63 | 64 | ColumnDataModel[] getConversationColumns(); 65 | 66 | 67 | } 68 | -------------------------------------------------------------------------------- /src/org/owasp/webscarab/util/swing/treetable/AbstractCellEditor.java: -------------------------------------------------------------------------------- 1 | package org.owasp.webscarab.util.swing.treetable; 2 | 3 | import javax.swing.*; 4 | import javax.swing.event.*; 5 | import java.util.EventObject; 6 | 7 | public class AbstractCellEditor implements CellEditor { 8 | 9 | protected EventListenerList listenerList = new EventListenerList(); 10 | 11 | public Object getCellEditorValue() { return null; } 12 | public boolean isCellEditable(EventObject e) { return true; } 13 | public boolean shouldSelectCell(EventObject anEvent) { return false; } 14 | public boolean stopCellEditing() { return true; } 15 | public void cancelCellEditing() {} 16 | 17 | public void addCellEditorListener(CellEditorListener l) { 18 | listenerList.add(CellEditorListener.class, l); 19 | } 20 | 21 | public void removeCellEditorListener(CellEditorListener l) { 22 | listenerList.remove(CellEditorListener.class, l); 23 | } 24 | 25 | /* 26 | * Notify all listeners that have registered interest for 27 | * 
notification on this event type. 28 | * @see EventListenerList 29 | */ 30 | protected void fireEditingStopped() { 31 | // Guaranteed to return a non-null array 32 | Object[] listeners = listenerList.getListenerList(); 33 | // Process the listeners last to first, notifying 34 | // those that are interested in this event 35 | for (int i = listeners.length-2; i>=0; i-=2) { 36 | if (listeners[i]==CellEditorListener.class) { 37 | ((CellEditorListener)listeners[i+1]).editingStopped(new ChangeEvent(this)); 38 | } 39 | } 40 | } 41 | 42 | /* 43 | * Notify all listeners that have registered interest for 44 | * notification on this event type. 45 | * @see EventListenerList 46 | */ 47 | protected void fireEditingCanceled() { 48 | // Guaranteed to return a non-null array 49 | Object[] listeners = listenerList.getListenerList(); 50 | // Process the listeners last to first, notifying 51 | // those that are interested in this event 52 | for (int i = listeners.length-2; i>=0; i-=2) { 53 | if (listeners[i]==CellEditorListener.class) { 54 | ((CellEditorListener)listeners[i+1]).editingCanceled(new ChangeEvent(this)); 55 | } 56 | } 57 | } 58 | } 59 | -------------------------------------------------------------------------------- /src/org/owasp/webscarab/ui/swing/editors/MultiPartPanel.form: -------------------------------------------------------------------------------- 1 | 2 | 3 |
4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | -------------------------------------------------------------------------------- /src/org/owasp/webscarab/plugin/openid/swing/AssociationOPUrlAction.java: -------------------------------------------------------------------------------- 1 | /*********************************************************************** 2 | * 3 | * This file is part of WebScarab, an Open Web Application Security 4 | * Project utility. For details, please see http://www.owasp.org/ 5 | * 6 | * Copyright (c) 2011 FedICT 7 | * 8 | * This program is free software; you can redistribute it and/or 9 | * modify it under the terms of the GNU General Public License 10 | * as published by the Free Software Foundation; either version 2 11 | * of the License, or (at your option) any later version. 12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU General Public License 19 | * along with this program; if not, write to the Free Software 20 | * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 
21 | * 22 | */ 23 | 24 | package org.owasp.webscarab.plugin.openid.swing; 25 | 26 | import java.awt.event.ActionEvent; 27 | import javax.swing.AbstractAction; 28 | import javax.swing.JTextField; 29 | 30 | /** 31 | * Swing action that writes the value stored under the "OP-URL" action key into the supplied text field. The value is cast to String and copied as-is, without any validation. 32 | * @author Frank Cornelis 33 | */ 34 | public class AssociationOPUrlAction extends AbstractAction { 35 | 36 | private final JTextField opUrlTextField; 37 | 38 | public AssociationOPUrlAction(JTextField opUrlTextField) { 39 | this.opUrlTextField = opUrlTextField; 40 | putValue(NAME, "Use as OP URL for association establishment"); 41 | } 42 | /** Copies the current "OP-URL" value into the text field. */ 43 | @Override 44 | public void actionPerformed(ActionEvent e) { 45 | String opUrl = (String) getValue("OP-URL"); 46 | this.opUrlTextField.setText(opUrl); 47 | } 48 | /** Stores the value; for the "OP-URL" key it also enables the action when the value is non-null and disables it when the value is null. Other keys leave the enabled state unchanged. */ 49 | @Override 50 | public void putValue(String key, Object value) { 51 | super.putValue(key, value); 52 | if (null == key) { 53 | return; 54 | } 55 | if (false == "OP-URL".equals(key)) { 56 | return; 57 | } 58 | if (null == value) { 59 | setEnabled(false); 60 | } else { 61 | setEnabled(true); 62 | } 63 | } 64 | } 65 | -------------------------------------------------------------------------------- /src/org/owasp/webscarab/model/StoreException.java: -------------------------------------------------------------------------------- 1 | /*********************************************************************** 2 | * 3 | * $CVSHeader$ 4 | * 5 | * This file is part of WebScarab, an Open Web Application Security 6 | * Project utility. For details, please see http://www.owasp.org/ 7 | * 8 | * Copyright (c) 2002 - 2004 Rogan Dawes 9 | * 10 | * This program is free software; you can redistribute it and/or 11 | * modify it under the terms of the GNU General Public License 12 | * as published by the Free Software Foundation; either version 2 13 | * of the License, or (at your option) any later version. 
14 | * 15 | * This program is distributed in the hope that it will be useful, 16 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 17 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 18 | * GNU General Public License for more details. 19 | * 20 | * You should have received a copy of the GNU General Public License 21 | * along with this program; if not, write to the Free Software 22 | * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 23 | * 24 | * Getting Source 25 | * ============== 26 | * 27 | * Source for this application is maintained at Sourceforge.net, a 28 | * repository for free software projects. 29 | * 30 | * For details, please see http://www.sourceforge.net/projects/owasp 31 | * 32 | */ 33 | 34 | /* 35 | * StoreException.java 36 | * 37 | * Created on August 23, 2003, 2:43 PM 38 | */ 39 | 40 | package org.owasp.webscarab.model; 41 | 42 | /** 43 | * 44 | * @author rdawes 45 | */ 46 | public class StoreException extends java.lang.Exception { 47 | 48 | /** 49 | * 50 | */ 51 | private static final long serialVersionUID = -3216060604426546272L; 52 | 53 | /** 54 | * Creates a new instance of StoreException without detail message. 55 | */ 56 | public StoreException() { 57 | } 58 | 59 | 60 | /** 61 | * Constructs an instance of StoreException with the specified detail message. 62 | * @param msg the detail message. 63 | */ 64 | public StoreException(String msg) { 65 | super(msg); 66 | } 67 | 68 | public StoreException(String msg, Throwable cause) { 69 | super(msg, cause); 70 | } 71 | 72 | } 73 | -------------------------------------------------------------------------------- /src/org/owasp/webscarab/util/LogOutputStream.java: -------------------------------------------------------------------------------- 1 | /*********************************************************************** 2 | * 3 | * $CVSHeader$ 4 | * 5 | * This file is part of WebScarab, an Open Web Application Security 6 | * Project utility. 
For details, please see http://www.owasp.org/ 7 | * 8 | * Copyright (c) 2002 - 2004 Rogan Dawes 9 | * 10 | * This program is free software; you can redistribute it and/or 11 | * modify it under the terms of the GNU General Public License 12 | * as published by the Free Software Foundation; either version 2 13 | * of the License, or (at your option) any later version. 14 | * 15 | * This program is distributed in the hope that it will be useful, 16 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 17 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 18 | * GNU General Public License for more details. 19 | * 20 | * You should have received a copy of the GNU General Public License 21 | * along with this program; if not, write to the Free Software 22 | * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 23 | * 24 | * Getting Source 25 | * ============== 26 | * 27 | * Source for this application is maintained at Sourceforge.net, a 28 | * repository for free software projects. 
29 | * 30 | * For details, please see http://www.sourceforge.net/projects/owasp 31 | * 32 | */ 33 | 34 | /* 35 | * LogOutputStream.java 36 | * 37 | * Created on May 25, 2003, 10:59 AM 38 | */ 39 | 40 | package org.owasp.webscarab.util; 41 | 42 | import java.io.OutputStream; 43 | import java.io.FilterOutputStream; 44 | import java.io.IOException; 45 | import java.io.PrintStream; 46 | 47 | /** 48 | * Output stream that passes every write to the wrapped OutputStream and then copies the same bytes to a PrintStream, so whatever is written, sensitive or not, also appears on the PrintStream. flush() and close() are not overridden here, so this class never flushes or closes the PrintStream. PrintStream does not throw IOException, so a failed copy goes unnoticed unless the caller checks checkError(). 49 | * @author rdawes 50 | */ 51 | 52 | public class LogOutputStream extends FilterOutputStream { 53 | OutputStream _os; 54 | PrintStream _ps; 55 | /** Wraps os as the primary stream and keeps ps as the destination of the copy. */ 56 | public LogOutputStream(OutputStream os, PrintStream ps) { 57 | super(os); 58 | _os = os; 59 | _ps = ps; 60 | } 61 | /** Writes the byte to the wrapped stream first, then to the PrintStream copy. */ 62 | public void write(int b) throws IOException { 63 | _os.write(b); 64 | _ps.write(b); 65 | } 66 | /** Writes len bytes of b starting at off to the wrapped stream first, then to the PrintStream copy. */ 67 | public void write(byte b[], int off, int len) throws IOException { 68 | _os.write(b, off, len); 69 | _ps.write(b, off, len); 70 | } 71 | 72 | } 73 | 74 | -------------------------------------------------------------------------------- /src/org/owasp/webscarab/plugin/proxy/ProxyUI.java: -------------------------------------------------------------------------------- 1 | /*********************************************************************** 2 | * 3 | * $CVSHeader$ 4 | * 5 | * This file is part of WebScarab, an Open Web Application Security 6 | * Project utility. For details, please see http://www.owasp.org/ 7 | * 8 | * Copyright (c) 2002 - 2004 Rogan Dawes 9 | * 10 | * This program is free software; you can redistribute it and/or 11 | * modify it under the terms of the GNU General Public License 12 | * as published by the Free Software Foundation; either version 2 13 | * of the License, or (at your option) any later version. 14 | * 15 | * This program is distributed in the hope that it will be useful, 16 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 17 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 18 | * GNU General Public License for more details. 
19 | * 20 | * You should have received a copy of the GNU General Public License 21 | * along with this program; if not, write to the Free Software 22 | * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 23 | * 24 | * Getting Source 25 | * ============== 26 | * 27 | * Source for this application is maintained at Sourceforge.net, a 28 | * repository for free software projects. 29 | * 30 | * For details, please see http://www.sourceforge.net/projects/owasp 31 | * 32 | */ 33 | 34 | /* 35 | * ProxyUI.java 36 | * 37 | * Created on July 20, 2004, 4:40 PM 38 | */ 39 | 40 | package org.owasp.webscarab.plugin.proxy; 41 | 42 | import java.io.IOException; 43 | 44 | import org.owasp.webscarab.model.ConversationID; 45 | import org.owasp.webscarab.model.HttpUrl; 46 | 47 | import org.owasp.webscarab.plugin.PluginUI; 48 | 49 | /** 50 | * 51 | * @author knoppix 52 | */ 53 | public interface ProxyUI extends PluginUI { 54 | 55 | void proxyAdded(ListenerSpec spec); 56 | 57 | void proxyStarted(ListenerSpec spec); 58 | 59 | void proxyStartError(ListenerSpec spec, IOException ioe); 60 | 61 | void proxyStopped(ListenerSpec spec); 62 | 63 | void proxyRemoved(ListenerSpec spec); 64 | 65 | void requested(ConversationID id, String method, HttpUrl url); 66 | 67 | void received(ConversationID id, String status); 68 | 69 | void aborted(ConversationID id, String reason); 70 | 71 | } 72 | -------------------------------------------------------------------------------- /src/org/owasp/webscarab/ui/swing/editors/HexPanel.form: -------------------------------------------------------------------------------- 1 | 2 | 3 |
4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | -------------------------------------------------------------------------------- /src/org/owasp/webscarab/util/swing/NoWrapEditorKit.java: -------------------------------------------------------------------------------- 1 | /** 2 | * 3 | */ 4 | package org.owasp.webscarab.util.swing; 5 | 6 | /** 7 | * @author rdawes 8 | * 9 | */ 10 | 11 | import javax.swing.text.*; 12 | 13 | public class NoWrapEditorKit extends StyledEditorKit { 14 | 15 | private static final long serialVersionUID = 2867130121374027370L; 16 | 17 | public ViewFactory getViewFactory() { 18 | return new StyledViewFactory(); 19 | } 20 | 21 | static class StyledViewFactory implements ViewFactory { 22 | public View create(Element elem) { 23 | String kind = elem.getName(); 24 | 25 | if (kind != null) { 26 | if (kind.equals(AbstractDocument.ContentElementName)) { 27 | return new MyLabelView(elem); 28 | } else if (kind.equals(AbstractDocument.ParagraphElementName)) { 29 | return new ParagraphView(elem); 30 | } else if (kind.equals(AbstractDocument.SectionElementName)) { 31 | return new NoWrapBoxView(elem, View.Y_AXIS); 32 | } else if (kind.equals(StyleConstants.ComponentElementName)) { 33 | return new ComponentView(elem); 34 | } else if (kind.equals(StyleConstants.IconElementName)) { 35 | return new IconView(elem); 36 | } 37 | } 38 | 39 | return new LabelView(elem); 40 | } 41 | } 42 | 43 | static class NoWrapBoxView extends BoxView { 44 | public NoWrapBoxView(Element elem, int axis) { 45 | super(elem, axis); 46 | } 47 | 48 | public void layout(int width, int height) { 49 | super.layout(32768, height); 50 | } 51 | 52 | public float getMinimumSpan(int axis) { 53 | return super.getPreferredSpan(axis); 54 | } 55 | } 56 | 57 | static class MyLabelView extends LabelView { 58 | public MyLabelView(Element elem) { 59 | 
super(elem); 60 | } 61 | 62 | public float getPreferredSpan(int axis) { 63 | float span = 0; 64 | if (axis == View.X_AXIS) { 65 | int p0 = getStartOffset(); 66 | int p1 = getEndOffset(); 67 | checkPainter(); 68 | TabExpander ex = getTabExpander(); 69 | if (ex == null) { 70 | // paragraph implements TabExpander 71 | ex = (TabExpander) this.getParent().getParent(); 72 | } 73 | span = getGlyphPainter().getSpan(this, p0, p1, ex, 0); 74 | return Math.max(span, 1); 75 | } else { 76 | span = super.getPreferredSpan(axis); 77 | } 78 | return span; 79 | } 80 | } 81 | 82 | } 83 | -------------------------------------------------------------------------------- /scripts/forcebrowse.bsh: -------------------------------------------------------------------------------- 1 | import org.owasp.webscarab.model.ConversationID; 2 | import org.owasp.webscarab.model.HttpUrl; 3 | import org.owasp.webscarab.model.Request; 4 | import org.owasp.webscarab.model.Response; 5 | import java.io.BufferedReader; 6 | import java.io.FileReader; 7 | import javax.swing.JOptionPane; 8 | 9 | // We ask for a template that already has the appropriate method, version, 10 | // headers, etc defined 11 | // All we'll do is replace the URL, and send it off 12 | String templ = JOptionPane.showInputDialog("Which request shall I use for the template?"); 13 | String urlfile = JOptionPane.showInputDialog("Where is the list of URLs to try?"); 14 | 15 | Request template = scripted.getRequest(Integer.parseInt(templ)); 16 | 17 | BufferedReader urls = new BufferedReader(new FileReader(urlfile)); 18 | 19 | // This will hold the name of the next file to try 20 | // getNextRequest() will update this when we construct the request 21 | String url = urls.readLine(); 22 | 23 | // modify this routine to determine when we are finished 24 | // NB: This can be called multiple times between requests, so it 25 | // should not have any side effects 26 | boolean hasMoreRequests() { 27 | return url != null; 28 | } 29 | 30 | // modify this 
routine to construct the next request, and update the 31 | // position in the list 32 | Request getNextRequest() { 33 | // create a copy of the template 34 | Request request = new Request(template); 35 | request.setURL(new HttpUrl(url)); 36 | out.println("Trying " + url); 37 | url = urls.readLine(); // get the next one to try 38 | return request; 39 | } 40 | 41 | void gotResponse(Response response) { 42 | scripted.addConversation(response); 43 | } 44 | 45 | // call this to fetch them in parallel 46 | // the number of simultaneous connections is controlled by the Scripted plugin 47 | // It is currently hardcoded in the source at 4 simultaneous requests 48 | 49 | void fetchParallel() { 50 | while (scripted.isAsyncBusy() || hasMoreRequests()) { 51 | while (scripted.hasAsyncCapacity() && hasMoreRequests()) { 52 | scripted.submitAsyncRequest(getNextRequest()); 53 | } 54 | Thread.sleep(100); 55 | while (scripted.hasAsyncResponse()) { 56 | gotResponse(scripted.getAsyncResponse()); 57 | } 58 | } 59 | } 60 | 61 | fetchParallel(); 62 | 63 | 64 | -------------------------------------------------------------------------------- /src/org/owasp/webscarab/plugin/openid/AXFetchResponseAttribute.java: -------------------------------------------------------------------------------- 1 | /*********************************************************************** 2 | * 3 | * This file is part of WebScarab, an Open Web Application Security 4 | * Project utility. For details, please see http://www.owasp.org/ 5 | * 6 | * Copyright (c) 2011 FedICT 7 | * 8 | * This program is free software; you can redistribute it and/or 9 | * modify it under the terms of the GNU General Public License 10 | * as published by the Free Software Foundation; either version 2 11 | * of the License, or (at your option) any later version. 
12 | * 13 | * This program is distributed in the hope that it will be useful, 14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 | * GNU General Public License for more details. 17 | * 18 | * You should have received a copy of the GNU General Public License 19 | * along with this program; if not, write to the Free Software 20 | * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 21 | * 22 | */ 23 | package org.owasp.webscarab.plugin.openid; 24 | 25 | /** 26 | * Holds one attribute of a fetch response (presumably an OpenID Attribute Exchange response, going by the class and package names; confirm against the caller): its type, alias, value and a signed flag. The signed flag is plain state supplied by the caller; this class performs no signature verification. 27 | * @author Frank Cornelis 28 | */ 29 | public class AXFetchResponseAttribute { 30 | 31 | private String attributeType; 32 | private final String alias; 33 | private String value; 34 | private boolean signed; 35 | /** Creates an attribute that has only an alias: type and value are null and signed is false. */ 36 | public AXFetchResponseAttribute(String alias) { 37 | this(null, alias, null, false); 38 | } 39 | /** Creates an attribute with all four fields taken from the arguments as given. */ 40 | public AXFetchResponseAttribute(String attributeType, String alias, String value, boolean signed) { 41 | this.attributeType = attributeType; 42 | this.alias = alias; 43 | this.value = value; 44 | this.signed = signed; 45 | } 46 | 47 | public String getAlias() { 48 | return this.alias; 49 | } 50 | 51 | public String getAttributeType() { 52 | return this.attributeType; 53 | } 54 | /** Returns the signed flag as last set through the constructor or setSigned. */ 55 | public boolean isSigned() { 56 | return this.signed; 57 | } 58 | 59 | public String getValue() { 60 | return this.value; 61 | } 62 | 63 | public void setAttributeType(String attributeType) { 64 | this.attributeType = attributeType; 65 | } 66 | /** Overwrites the signed flag with the caller's value. */ 67 | public void setSigned(boolean signed) { 68 | this.signed = signed; 69 | } 70 | 71 | public void setValue(String value) { 72 | this.value = value; 73 | } 74 | } 75 | -------------------------------------------------------------------------------- /doc/userguide/tools.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 |

The Tools menu

The Tools menu contains the following options:
  • Proxies

    This menu allows you to specify any upstream proxies that may be required to access the target websites. You can specify different proxies for HTTP and HTTPS. The proxy exclusion list DOES NOT WORK YET, because the developers have not needed this functionality. Until it does, assume that requests to hosts on the exclusion list still go through the upstream proxy. If you need it, please have a go at implementing it yourself, and send patches to the developers.

  • Shared Cookies

    This displays a "Shared Cookie jar". This cookie jar is shared between the Proxy, Spider and Manual Request plugins. The various cookies are available in a drop-down list, and the main table shows the values that the selected cookie has had in the past.


    The Proxy plugin can be configured to record all cookies that it sees from the servers, and insert those cookies into requests that "should" have them. This may be useful if you are using multiple browsers, and want to share a session between them. Be careful: flushing cookies from the browser may not have the effect that you expect, because WebScarab will insert the most recent cookie it knows about into the requests that it sees. For example, a browser whose cookies you have just cleared may still send requests that carry a live session cookie. (This can be disabled.)


    The Spider plugin can also use these cookies when automatically traversing a site.


    The Manual Request plugin has buttons that allow the user to automatically insert the appropriate cookies into the request, as well as to extract cookies from any responses.

  • Transcoder

    The Transcoder is a utility window that allows the user to perform certain manipulations of text. Examples include URL-encoding and decoding, Base64-encoding and decoding, and MD5 and SHA1 hashes. Data can be copied to and from the clipboard, and there is also undo/redo functionality available on the Edit menu.

  • Save Configuration

    WebScarab can store certain configuration options in a properties file. This is called WebScarab.properties, and is located in your home directory (~/ on Unix, and usually Documents and Settings\username\ on Win32). Examples of data that is saved include upstream Proxy settings, and settings for various plugins. This properties file is read on startup if it exists, but is only saved when this option is explicitly selected.

    49 | 50 | 51 | -------------------------------------------------------------------------------- /src/org/owasp/webscarab/util/swing/DOMTreeModel.java: -------------------------------------------------------------------------------- 1 | /*********************************************************************** 2 | * 3 | * $CVSHeader$ 4 | * 5 | * This file is part of WebScarab, an Open Web Application Security 6 | * Project utility. For details, please see http://www.owasp.org/ 7 | * 8 | * Copyright (c) 2002 - 2004 Rogan Dawes 9 | * 10 | * This program is free software; you can redistribute it and/or 11 | * modify it under the terms of the GNU General Public License 12 | * as published by the Free Software Foundation; either version 2 13 | * of the License, or (at your option) any later version. 14 | * 15 | * This program is distributed in the hope that it will be useful, 16 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 17 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 18 | * GNU General Public License for more details. 19 | * 20 | * You should have received a copy of the GNU General Public License 21 | * along with this program; if not, write to the Free Software 22 | * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 23 | * 24 | * Getting Source 25 | * ============== 26 | * 27 | * Source for this application is maintained at Sourceforge.net, a 28 | * repository for free software projects. 
29 | * 30 | * For details, please see http://www.sourceforge.net/projects/owasp 31 | * 32 | */ 33 | 34 | package org.owasp.webscarab.util.swing; 35 | 36 | import org.owasp.webscarab.util.swing.AbstractTreeModel; 37 | 38 | import org.w3c.dom.Node; 39 | import org.w3c.dom.NodeList; 40 | import javax.swing.tree.TreePath; 41 | 42 | public class DOMTreeModel extends AbstractTreeModel { 43 | 44 | private Node _root; 45 | 46 | public DOMTreeModel(Node root) { 47 | _root = root; 48 | } 49 | 50 | public Object getRoot() { 51 | return _root; 52 | } 53 | 54 | public int getChildCount(Object parent) { 55 | NodeList nodes = ((Node) parent).getChildNodes(); 56 | return nodes.getLength(); 57 | } 58 | 59 | public Object getChild(Object parent, int index) { 60 | NodeList nodes = ((Node) parent).getChildNodes(); 61 | return nodes.item(index); 62 | } 63 | 64 | public boolean isLeaf(Object node) { 65 | return ((Node)node).getNodeType() != Node.ELEMENT_NODE; 66 | } 67 | 68 | public void valueForPathChanged(TreePath path, Object newValue) { 69 | // we do not support editing 70 | } 71 | 72 | } 73 | 74 | -------------------------------------------------------------------------------- /src/org/owasp/webscarab/plugin/sessionid/SessionID.java: -------------------------------------------------------------------------------- 1 | /*********************************************************************** 2 | * 3 | * $CVSHeader$ 4 | * 5 | * This file is part of WebScarab, an Open Web Application Security 6 | * Project utility. For details, please see http://www.owasp.org/ 7 | * 8 | * Copyright (c) 2002 - 2004 Rogan Dawes 9 | * 10 | * This program is free software; you can redistribute it and/or 11 | * modify it under the terms of the GNU General Public License 12 | * as published by the Free Software Foundation; either version 2 13 | * of the License, or (at your option) any later version. 
14 | * 15 | * This program is distributed in the hope that it will be useful, 16 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 17 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 18 | * GNU General Public License for more details. 19 | * 20 | * You should have received a copy of the GNU General Public License 21 | * along with this program; if not, write to the Free Software 22 | * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 23 | * 24 | * Getting Source 25 | * ============== 26 | * 27 | * Source for this application is maintained at Sourceforge.net, a 28 | * repository for free software projects. 29 | * 30 | * For details, please see http://www.sourceforge.net/projects/owasp 31 | * 32 | */ 33 | 34 | /* 35 | * SessionID.java 36 | * 37 | * Created on 16 November 2003, 07:29 38 | */ 39 | 40 | package org.owasp.webscarab.plugin.sessionid; 41 | 42 | import java.util.Date; 43 | 44 | /** 45 | * 46 | * @author rdawes 47 | */ 48 | public class SessionID implements Comparable { 49 | 50 | private Date _date; 51 | private String _value; 52 | 53 | /** Creates a new instance of SessionID */ 54 | public SessionID(Date date, String value) { 55 | _date = date; 56 | _value = value; 57 | } 58 | 59 | public SessionID(String line) { 60 | int sep = line.indexOf(":"); 61 | String time = line.substring(0, sep); 62 | _date = new Date(Long.parseLong(time)); 63 | _value = line.substring(sep+2); 64 | } 65 | 66 | public Date getDate() { 67 | return _date; 68 | } 69 | 70 | public String getValue() { 71 | return _value; 72 | } 73 | 74 | public int compareTo(SessionID o) { 75 | if (o == null) return -1; 76 | return _date.compareTo(o.getDate()); 77 | } 78 | 79 | public String toString() { 80 | return _date.getTime() + ": " + _value; 81 | } 82 | 83 | } 84 | -------------------------------------------------------------------------------- /src/org/owasp/webscarab/util/swing/treetable/AbstractTreeTableModel.java: 
-------------------------------------------------------------------------------- 1 | /*********************************************************************** 2 | * 3 | * $CVSHeader$ 4 | * 5 | * This file is part of WebScarab, an Open Web Application Security 6 | * Project utility. For details, please see http://www.owasp.org/ 7 | * 8 | * Copyright (c) 2002 - 2004 Rogan Dawes 9 | * 10 | * This program is free software; you can redistribute it and/or 11 | * modify it under the terms of the GNU General Public License 12 | * as published by the Free Software Foundation; either version 2 13 | * of the License, or (at your option) any later version. 14 | * 15 | * This program is distributed in the hope that it will be useful, 16 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 17 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 18 | * GNU General Public License for more details. 19 | * 20 | * You should have received a copy of the GNU General Public License 21 | * along with this program; if not, write to the Free Software 22 | * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 23 | * 24 | * Getting Source 25 | * ============== 26 | * 27 | * Source for this application is maintained at Sourceforge.net, a 28 | * repository for free software projects. 29 | * 30 | * For details, please see http://www.sourceforge.net/projects/owasp 31 | * 32 | */ 33 | 34 | package org.owasp.webscarab.util.swing.treetable; 35 | 36 | import org.owasp.webscarab.util.swing.AbstractTreeModel; 37 | 38 | public abstract class AbstractTreeTableModel extends AbstractTreeModel implements TreeTableModel { 39 | 40 | // 41 | // Default implementations for methods in the TreeTableModel interface. 42 | // 43 | 44 | public Class getColumnClass(int column) { 45 | return column == 0 ? TreeTableModel.class : Object.class; 46 | } 47 | 48 | /** By default, make the column with the Tree in it the only editable one. 
49 | * Making this column editable causes the JTable to forward mouse 50 | * and keyboard events in the Tree column to the underlying JTree. 51 | */ 52 | public boolean isCellEditable(Object node, int column) { 53 | return getColumnClass(column) == TreeTableModel.class; 54 | } 55 | 56 | public void setValueAt(Object aValue, Object node, int column) {} 57 | 58 | // Left to be implemented in the subclass: 59 | 60 | /* 61 | * public int getColumnCount() 62 | * public String getColumnName(Object node, int column) 63 | * public Object getValueAt(Object node, int column) 64 | */ 65 | } 66 | -------------------------------------------------------------------------------- /src/org/owasp/webscarab/util/swing/treetable/TreeTableModel.java: -------------------------------------------------------------------------------- 1 | /* 2 | * TreeTableModel.java 3 | * 4 | * Copyright (c) 1998 Sun Microsystems, Inc. All Rights Reserved. 5 | * 6 | * This software is the confidential and proprietary information of Sun 7 | * Microsystems, Inc. ("Confidential Information"). You shall not 8 | * disclose such Confidential Information and shall use it only in 9 | * accordance with the terms of the license agreement you entered into 10 | * with Sun. 11 | * 12 | * SUN MAKES NO REPRESENTATIONS OR WARRANTIES ABOUT THE SUITABILITY OF THE 13 | * SOFTWARE, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE 14 | * IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR 15 | * PURPOSE, OR NON-INFRINGEMENT. SUN SHALL NOT BE LIABLE FOR ANY DAMAGES 16 | * SUFFERED BY LICENSEE AS A RESULT OF USING, MODIFYING OR DISTRIBUTING 17 | * THIS SOFTWARE OR ITS DERIVATIVES. 18 | * 19 | */ 20 | 21 | package org.owasp.webscarab.util.swing.treetable; 22 | 23 | import javax.swing.tree.TreeModel; 24 | 25 | /** 26 | * TreeTableModel is the model used by a JTreeTable. It extends TreeModel 27 | * to add methods for getting inforamtion about the set of columns each 28 | * node in the TreeTableModel may have. 
Each column, like a column in 29 | * a TableModel, has a name and a type associated with it. Each node in 30 | * the TreeTableModel can return a value for each of the columns and 31 | * set that value if isCellEditable() returns true. 32 | * 33 | * @author Philip Milne 34 | * @author Scott Violet 35 | */ 36 | public interface TreeTableModel extends TreeModel 37 | { 38 | /** 39 | * Returns the number of available columns. 40 | */ 41 | int getColumnCount(); 42 | 43 | /** 44 | * Returns the name for column number column. 45 | */ 46 | String getColumnName(int column); 47 | 48 | /** 49 | * Returns the type for column number column. 50 | */ 51 | Class getColumnClass(int column); 52 | 53 | /** 54 | * Returns the value to be displayed for node node, 55 | * at column number column. 56 | */ 57 | Object getValueAt(Object node, int column); 58 | 59 | /** 60 | * Indicates whether the the value for node node, 61 | * at column number column is editable. 62 | */ 63 | boolean isCellEditable(Object node, int column); 64 | 65 | /** 66 | * Sets the value for node node, 67 | * at column number column. 68 | */ 69 | void setValueAt(Object aValue, Object node, int column); 70 | } 71 | 72 | -------------------------------------------------------------------------------- /src/org/owasp/webscarab/plugin/Hook.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Hook.java 3 | * 4 | * Created on 07 January 2005, 05:19 5 | */ 6 | 7 | package org.owasp.webscarab.plugin; 8 | 9 | import java.util.List; 10 | import java.util.ArrayList; 11 | import java.util.logging.Logger; 12 | 13 | import org.apache.bsf.BSFManager; 14 | import org.apache.bsf.BSFException; 15 | 16 | /** 17 | * 18 | * @author rogan 19 | */ 20 | public class Hook { 21 | 22 | private String _name; 23 | private String _description; 24 | private List 9 | &{[code]}; 10 | 11 | 12 |