├── .gitignore ├── 1st.html ├── ChangeLog ├── INSTALL ├── LICENSE ├── LICENSE.md ├── README ├── WebScarab.jnlp ├── build.xml ├── doc ├── WebScarab-Howto.txt ├── architecture.html ├── cert.sh ├── certificates.html └── userguide │ ├── proxies.png │ ├── swing.xml │ ├── tools.html │ └── using.html ├── frozenlibs ├── chardet-1.0.jar ├── chardet:chardet:jar:1.0 ├── htmlparser-1.5.jar └── htmlparser:htmlparser:jar:1.5 ├── installer ├── README ├── izpack.xml ├── shortcutSpec.xml └── useNativeLAF ├── izpack ├── install.xml └── shortcutSpec.xml ├── lib ├── W32WinInet.dll ├── bcpkix-jdk15on-148.jar ├── bcprov-jdk15on-148.jar ├── bsf-2.3.0.jar ├── bsh-2.0b1.jar ├── chardet.jar ├── commons-logging-1.0.4.jar ├── concurrent.jar ├── flex-messaging-common.jar ├── flex-messaging-core.jar ├── flex-messaging-remoting.jar ├── help.jnlp ├── htmlparser.jar ├── jcifs-1.3.14.jar ├── jcommon-1.0.16.jar ├── jfreechart-1.0.13.jar ├── jhall-2.0_02.jar ├── joda-time-2.1.jar ├── openamf.jar ├── openid4java-0.9.7.jar ├── p11-capi.dll ├── tagsoup-1.0rc2.jar ├── xalan-2.7.1.jar └── xmlsec-1.4.3.jar ├── pom.xml ├── scripts ├── forcebrowse.bsh ├── google-get.bsh ├── hacmebank-login-sequential.bsh ├── hacmebank-login.bsh ├── hacmebank-post-message.bsh ├── multipartify.bsh ├── no-images.bsh └── webgoat-session-brute.bsh ├── server.p12 ├── src ├── javax │ └── net │ │ └── ssl │ │ └── X509ExtendedTrustManager.java ├── no │ └── geosoft │ │ └── cc │ │ └── ui │ │ └── SplashScreen.java └── org │ └── owasp │ └── webscarab │ ├── LICENSE.java │ ├── Main.java │ ├── WebScarab.java │ ├── httpclient │ ├── AbstractCertificateRepository.java │ ├── AliasKeyManager.java │ ├── Authenticator.java │ ├── CertificateRepository.java │ ├── ChunkedInputStream.java │ ├── ChunkedOutputStream.java │ ├── ClientTrustManager.java │ ├── ConversationHandler.java │ ├── FetcherQueue.java │ ├── FixedLengthInputStream.java │ ├── HTTPClient.java │ ├── HTTPClientFactory.java │ ├── SSLContextManager.java │ └── URLFetcher.java │ ├── model │ 
├── AbstractConversationModel.java │ ├── AbstractUrlModel.java │ ├── ConversationEvent.java │ ├── ConversationID.java │ ├── ConversationListener.java │ ├── ConversationModel.java │ ├── Cookie.java │ ├── FileSystemStore.java │ ├── FilteredConversationModel.java │ ├── FilteredUrlModel.java │ ├── FrameworkEvent.java │ ├── FrameworkListener.java │ ├── FrameworkModel.java │ ├── HttpUrl.java │ ├── Message.java │ ├── MultiPartContent.java │ ├── NamedValue.java │ ├── Preferences.java │ ├── Request.java │ ├── Response.java │ ├── SiteModelStore.java │ ├── StoreException.java │ ├── UrlEvent.java │ ├── UrlListener.java │ └── UrlModel.java │ ├── parser │ ├── ContentParser.java │ ├── HTMLParser.java │ └── Parser.java │ ├── plugin │ ├── AbstractPluginModel.java │ ├── BasicCredential.java │ ├── CredentialManager.java │ ├── CredentialManagerUI.java │ ├── DomainCredential.java │ ├── Framework.java │ ├── FrameworkModelWrapper.java │ ├── FrameworkUI.java │ ├── Hook.java │ ├── Plugin.java │ ├── PluginUI.java │ ├── SSLKeyManager.java │ ├── Script.java │ ├── ScriptListener.java │ ├── ScriptManager.java │ ├── ScriptableConversation.java │ ├── compare │ │ ├── Compare.java │ │ ├── CompareModel.java │ │ └── swing │ │ │ ├── ComparePanel.form │ │ │ └── ComparePanel.java │ ├── extensions │ │ ├── Extensions.java │ │ ├── ExtensionsModel.java │ │ └── swing │ │ │ ├── ExtensionsPanel.form │ │ │ └── ExtensionsPanel.java │ ├── fragments │ │ ├── FileSystemStore.java │ │ ├── FragmentListener.java │ │ ├── Fragments.java │ │ ├── FragmentsModel.java │ │ ├── FragmentsStore.java │ │ └── swing │ │ │ ├── FragmentsFrame.form │ │ │ ├── FragmentsFrame.java │ │ │ ├── FragmentsPanel.form │ │ │ └── FragmentsPanel.java │ ├── fuzz │ │ ├── FuzzFactory.java │ │ ├── FuzzSource.java │ │ ├── Fuzzer.java │ │ ├── FuzzerEvent.java │ │ ├── FuzzerListener.java │ │ ├── FuzzerModel.java │ │ ├── Parameter.java │ │ ├── RegexSource.java │ │ ├── Signature.java │ │ ├── sql.txt │ │ ├── swing │ │ │ ├── FuzzerPanel.form │ │ │ └── 
FuzzerPanel.java │ │ └── xss.txt │ ├── identity │ │ ├── CookieTokenParser.java │ │ ├── FileSystemStore.java │ │ ├── Identity.java │ │ ├── IdentityModel.java │ │ ├── IdentityStore.java │ │ ├── ScriptableIdentity.java │ │ ├── TokenParser.java │ │ ├── Transition.java │ │ └── swing │ │ │ ├── IdentityPanel.java │ │ │ └── SelectTokenDialog.java │ ├── manualrequest │ │ ├── ManualRequest.java │ │ ├── ManualRequestModel.java │ │ ├── ManualRequestUI.java │ │ └── swing │ │ │ ├── ManualRequestPanel.form │ │ │ └── ManualRequestPanel.java │ ├── openid │ │ ├── AXFetchRequestAttribute.java │ │ ├── AXFetchResponseAttribute.java │ │ ├── OpenId.java │ │ ├── OpenIdHTTPClient.java │ │ ├── OpenIdModel.java │ │ ├── OpenIdProxy.java │ │ ├── OpenIdProxyConfig.java │ │ ├── PAPEResponse.java │ │ └── swing │ │ │ ├── AXFetchRequestTableModel.java │ │ │ ├── AXFetchResponseTableModel.java │ │ │ ├── AssociationOPUrlAction.java │ │ │ ├── AssociationSessionComboBoxModel.java │ │ │ ├── AssociationTableModel.java │ │ │ ├── OpenIdPanel.form │ │ │ ├── OpenIdPanel.java │ │ │ └── ParametersTableModel.java │ ├── proxy │ │ ├── BeanShell.java │ │ ├── BeanShellUI.java │ │ ├── BrowserCache.java │ │ ├── ConnectionHandler.java │ │ ├── CookieTracker.java │ │ ├── Listener.java │ │ ├── ListenerSpec.java │ │ ├── ManualEdit.java │ │ ├── ManualEditUI.java │ │ ├── Proxy.java │ │ ├── ProxyPlugin.java │ │ ├── ProxyUI.java │ │ ├── RevealHidden.java │ │ ├── SSLSocketFactoryFactory.java │ │ ├── ScriptableConnection.java │ │ └── swing │ │ │ ├── BeanShellPanel.form │ │ │ ├── BeanShellPanel.java │ │ │ ├── ListenerTableModel.java │ │ │ ├── ManualEditFrame.form │ │ │ ├── ManualEditFrame.java │ │ │ ├── ManualEditPanel.form │ │ │ ├── ManualEditPanel.java │ │ │ ├── MiscPanel.form │ │ │ ├── MiscPanel.java │ │ │ ├── ProxyPanel.form │ │ │ ├── ProxyPanel.java │ │ │ └── ProxyPluginUI.java │ ├── saml │ │ ├── Occurences.java │ │ ├── Saml.java │ │ ├── SamlCertificateRepository.java │ │ ├── SamlHTTPClient.java │ │ ├── SamlModel.java │ │ 
├── SamlProxy.java │ │ ├── SamlProxyConfig.java │ │ ├── SamlProxyListener.java │ │ ├── SamlSignatureException.java │ │ ├── SignatureType.java │ │ ├── VerifyReference.java │ │ ├── Wrapper.java │ │ └── swing │ │ │ ├── AttributesTableModel.java │ │ │ ├── CertPathTreeModel.java │ │ │ ├── OpenBrowserAction.java │ │ │ ├── SamlExportConversationAction.java │ │ │ ├── SamlPanel.form │ │ │ ├── SamlPanel.java │ │ │ └── SamlReplayConversationAction.java │ ├── scripted │ │ ├── Scripted.java │ │ ├── ScriptedObjectModel.java │ │ ├── ScriptedUI.java │ │ ├── script.bsh │ │ └── swing │ │ │ ├── ScriptedPanel.form │ │ │ └── ScriptedPanel.java │ ├── search │ │ ├── Search.java │ │ ├── SearchModel.java │ │ └── swing │ │ │ ├── SearchPanel.form │ │ │ └── SearchPanel.java │ ├── sessionid │ │ ├── Calculator.java │ │ ├── DefaultCalculator.java │ │ ├── FileSystemStore.java │ │ ├── SessionID.java │ │ ├── SessionIDAnalysis.java │ │ ├── SessionIDAnalysisUI.java │ │ ├── SessionIDListener.java │ │ ├── SessionIDModel.java │ │ ├── SessionIDStore.java │ │ └── swing │ │ │ ├── BigRenderer.java │ │ │ ├── SessionIDPanel.form │ │ │ └── SessionIDPanel.java │ ├── spider │ │ ├── Link.java │ │ ├── Spider.java │ │ ├── SpiderModel.java │ │ ├── SpiderUI.java │ │ └── swing │ │ │ ├── SpiderPanel.form │ │ │ └── SpiderPanel.java │ ├── wsfed │ │ ├── WSFederation.java │ │ ├── WSFederationModel.java │ │ └── swing │ │ │ ├── ParametersTableModel.java │ │ │ ├── WSFederationPanel.form │ │ │ └── WSFederationPanel.java │ └── xsscrlf │ │ ├── XSSCRLF.java │ │ ├── XSSCRLFModel.java │ │ └── swing │ │ ├── XSSCRLFPanel.form │ │ └── XSSCRLFPanel.java │ ├── ui │ └── swing │ │ ├── CertificateManager.form │ │ ├── CertificateManager.java │ │ ├── ColumnWidthTracker.java │ │ ├── ContentPanel.form │ │ ├── ContentPanel.java │ │ ├── ConversationListModel.java │ │ ├── ConversationPanel.form │ │ ├── ConversationPanel.java │ │ ├── ConversationRenderer.java │ │ ├── ConversationTableModel.java │ │ ├── CookieJarViewer.form │ │ ├── 
CookieJarViewer.java │ │ ├── CredentialManagerFrame.form │ │ ├── CredentialManagerFrame.java │ │ ├── CredentialRequestDialog.form │ │ ├── CredentialRequestDialog.java │ │ ├── DateRenderer.java │ │ ├── EnabledBooleanTableCellRenderer.java │ │ ├── HeaderPanel.form │ │ ├── HeaderPanel.java │ │ ├── Lite.form │ │ ├── Lite.java │ │ ├── MessagePanel.form │ │ ├── MessagePanel.java │ │ ├── ProxyConfig.form │ │ ├── ProxyConfig.java │ │ ├── RequestPanel.form │ │ ├── RequestPanel.java │ │ ├── ResponsePanel.form │ │ ├── ResponsePanel.java │ │ ├── ScriptManagerFrame.form │ │ ├── ScriptManagerFrame.java │ │ ├── ShowConversationAction.java │ │ ├── SummaryPanel.form │ │ ├── SummaryPanel.java │ │ ├── SwingPluginUI.java │ │ ├── TagConversationAction.java │ │ ├── TranscoderFrame.form │ │ ├── TranscoderFrame.java │ │ ├── UIFramework.form │ │ ├── UIFramework.java │ │ ├── UrlFilteredConversationModel.java │ │ ├── UrlTreeModelAdapter.java │ │ ├── UrlTreeRenderer.java │ │ ├── UrlTreeTableModelAdapter.java │ │ ├── WebScarabUI.java │ │ └── editors │ │ ├── AMFPanel.java │ │ ├── ByteArrayEditor.java │ │ ├── EditorFactory.java │ │ ├── HTMLPanel.form │ │ ├── HTMLPanel.java │ │ ├── HexPanel.form │ │ ├── HexPanel.java │ │ ├── ImagePanel.form │ │ ├── ImagePanel.java │ │ ├── MultiPartPanel.form │ │ ├── MultiPartPanel.java │ │ ├── MyHTMLEditorKit.java │ │ ├── ObjectPanel.form │ │ ├── ObjectPanel.java │ │ ├── RegexSearcher.java │ │ ├── SearchDialog.form │ │ ├── SearchDialog.java │ │ ├── SerializedObjectPanel.java │ │ ├── TextPanel.form │ │ ├── TextPanel.java │ │ ├── UrlEncodedPanel.form │ │ ├── UrlEncodedPanel.java │ │ ├── XMLPanel.form │ │ └── XMLPanel.java │ ├── util │ ├── CharsetUtils.java │ ├── DOMHandler.java │ ├── Diff.java │ ├── Encoding.java │ ├── Glob.java │ ├── HtmlEncoder.java │ ├── LevenshteinDistance.java │ ├── LogInputStream.java │ ├── LogOutputStream.java │ ├── MRUCache.java │ ├── NullComparator.java │ ├── RFC2822.java │ ├── ReentrantReaderPreferenceReadWriteLock.java │ ├── 
RegexExpansion.java │ ├── RequestConverter.java │ ├── SunCertificateUtils.java │ ├── TempDir.java │ ├── TextFormatter.java │ ├── W32WinInet.c │ ├── W32WinInet.java │ └── swing │ │ ├── AbstractTreeModel.java │ │ ├── ColumnDataEvent.java │ │ ├── ColumnDataListener.java │ │ ├── ColumnDataModel.java │ │ ├── DOMTreeModel.java │ │ ├── DiffPanel.java │ │ ├── DocumentHandler.java │ │ ├── DocumentOutputStream.java │ │ ├── ExceptionHandler.form │ │ ├── ExceptionHandler.java │ │ ├── ExtensibleTableModel.java │ │ ├── GloballyContextSensitiveAction.java │ │ ├── HeapMonitor.java │ │ ├── JTreeTable.java │ │ ├── ListComboBoxModel.java │ │ ├── MultiLineCellRenderer.java │ │ ├── MultiLineTreeCellRenderer.java │ │ ├── NoWrapEditorKit.java │ │ ├── ProgrammaticConversationColumnDataModel.java │ │ ├── SwingWorker.java │ │ ├── TableSorter.java │ │ ├── TextComponentContextMenu.java │ │ ├── TreeUtil.java │ │ └── treetable │ │ ├── AbstractCellEditor.java │ │ ├── AbstractTreeTableModel.java │ │ ├── DefaultTreeTableModel.java │ │ ├── TreeTableModel.java │ │ ├── TreeTableModelAdapter.java │ │ └── TreeTableModelEvent.java │ └── webscarab_logo.gif ├── test ├── java │ └── test │ │ └── unit │ │ └── org │ │ └── owasp │ │ └── webscarab │ │ ├── plugin │ │ └── saml │ │ │ └── SamlTest.java │ │ └── util │ │ └── SunCertificateUtilsTest.java └── resources │ ├── log4j.xml │ └── test-saml-response-encrypted-attribute.xml └── webscarab_logo.gif /.gitignore: -------------------------------------------------------------------------------- 1 | .classpath 2 | .externalToolBuilders/ 3 | .keystore 4 | .project 5 | maven-eclipse.xml 6 | nbactions.xml 7 | target/ 8 | build/ 9 | dist/ 10 | doc/ 11 | webscarab*.jar 12 | *~ 13 | -------------------------------------------------------------------------------- /ChangeLog: -------------------------------------------------------------------------------- 1 | Please see http://dawes.za.net/gitweb.cgi?p=rogan/webscarab/webscarab.git;a=summary 2 | for an up to date list of 
changes to WebScarab 3 | -------------------------------------------------------------------------------- /INSTALL: -------------------------------------------------------------------------------- 1 | /* 2 | * $Source: /cvsroot/owasp/webscarab/INSTALL,v $ 3 | * Copyright (c) 2002 owasp.org. 4 | * This file is part of WebScarab. 5 | * WebScarab is free software; you can redistribute it and/or modify 6 | * it under the terms of the GNU General Public License as published by 7 | * the Free Software Foundation; either version 2 of the License, or 8 | * (at your option) any later version. 9 | * 10 | * WebScarab is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | * GNU General Public License for more details. 14 | * 15 | * The valid license text for this file can be retrieved with 16 | * the call: java -cp owasp.jar org.owasp.webscarab.LICENSE 17 | * 18 | * If you are not able to view the LICENSE that way, which should 19 | * always be possible within a valid and working WebScarab release, 20 | * please write to the Free Software Foundation, Inc., 21 | * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 22 | */ 23 | 24 | This is the WebScarab OpenSource project, hosted at 25 | http://www.owasp.org/webscarab. 26 | All source code and development stuff is done under 27 | http://sourceforge.net/projects/owasp 28 | 29 | Prior to building WebScarab, you should download the various 30 | libraries that it depends on. You can see the list in the ant build.xml 31 | file, in this directory. If you got this file by checking out the source 32 | from the WebScarab CVS repository, you should have the required libraries 33 | already. 34 | 35 | WebScarab uses the Apache Ant build tool. In order to build WebScarab, you 36 | should use a reasonably recent version of Ant. 
37 | 38 | There are two Ant build tasks that depend on external tools, IzPack and 39 | ProGuard. You are only likely to need these tools if you plan to build 40 | redistributable images of WebScarab. i.e. an installer, or the self-contained 41 | jar. There should be no problem running the common build tasks if you do not 42 | have these external tools. 43 | 44 | // end of $Source: /cvsroot/owasp/webscarab/INSTALL,v $ 45 | -------------------------------------------------------------------------------- /README: -------------------------------------------------------------------------------- 1 | This is the WebScarab OpenSource project, hosted at 2 | http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project 3 | 4 | It aims to become a tool that may be used automatically or interactively 5 | to test web applications for their security. 6 | WebScarab is written in 100% pure java and designed using a fairly clean 7 | set of interfaces to allow for removal and substitution of existing 8 | components, or addition of new analysis systems. 9 | 10 | For more details, please see the URL above. 11 | -------------------------------------------------------------------------------- /doc/certificates.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | WebScarab certificates 6 | 7 | 8 |

Creating your own certificates

9 |

WebScarab reads certificates stored in the PKCS12 format, which can be created 10 | or converted to by tools such as OpenSSL. PKCS12 is also one of the formats that 11 | Internet Explorer and Mozilla/Navigator, etc can import and export.

12 |

Since the PKCS12 format requires a password, WebScarab uses a password of 13 | "password" (without the quotes). This password is hard-coded into the source of WebScarab.

14 |

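Note that this is not an important password: the key file it protects is shipped with WebScarab itself, so anyone can obtain both the file and the password, and there is no point in changing it! For the same reason, the bundled certificate should be trusted only in a browser profile that is used for testing.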

15 |

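If you decide you want to create your own certificates, for whatever reason, 16 | here are some instructions for doing so using OpenSSL. The 1024-bit key size and the -sha1 digest in the commands below date from when this guide was written; current browsers may reject such certificates, so a larger key (for example 2048 bits) and -sha256 are the usual choices today: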

17 |

First create the private key:

18 |
19 |   openssl genrsa 1024 > server.key
20 |   
21 |

Then create the corresponding self-signed certificate:

22 |
23 |   openssl req -new -x509 -nodes -sha1 -days 3650 -key server.key > server.crt
24 |   
25 |

Finally, wrap both the key and the certificate into a PKCS12 formatted file:

26 |
27 |   openssl pkcs12 -export -out server.p12 -in server.crt -inkey server.key -name "WebScarab"
28 |   
29 |

Place the resulting "server.p12" file in the root of the webscarab 30 | installation directory, in place of the existing server.p12 file

31 |

Initial support for client certificates exists now, so you should be 32 | able to do similar operations for the client certificate and keys, 33 | calling the file "client.p12"

34 |

35 | NOTE that WebScarab looks for the certificate and key files IN the 36 | webscarab.jar, so you will have to rebuild the jar file with your 37 | updated certificate files, otherwise they will not be used!

38 | 39 | 40 | 41 | -------------------------------------------------------------------------------- /doc/userguide/proxies.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OWASP-WebScarab/d22bd604b981ae2de73cd5d39305ac25c9367d1b/doc/userguide/proxies.png -------------------------------------------------------------------------------- /doc/userguide/tools.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 |

The Tools menu

7 | The Tools menu contains the following options: 8 |
  • Proxies
  • 9 |

    This menu allows you to specify any upstream proxies that may be 10 | required to access the target websites. You can specify different 11 | proxies for HTTP and HTTPS. The proxy exclusion list DOES NOT WORK YET, 12 | due to the developers not needing this functionality. If you need it, 13 | please have a go at implementing it yourself, and send patches to the 14 | developers.

    15 |
  • Shared Cookies
  • 16 |

    This displays a "Shared Cookie jar". This cookie jar is shared 17 | between 18 | the Proxy, Spider and Manual Request plugins. The various cookies are 19 | available in a drop-down list, and the main table shows what values 20 | that cookie has had in the past.

    21 |

    The Proxy plugin can be configured to record all cookies that it 22 | sees 23 | from the servers, and insert those cookies into requests that "should" 24 | have them. This may be useful if you are using multiple browsers, and 25 | want to share a session between them. Be careful: flushing 26 | cookies from the browser may not have the effect that you expect, because 27 | WebScarab will insert the most recent cookie it knows about into the 28 | requests that it sees, so a session you believe you have ended in the browser can remain active through the proxy. (This can be disabled.)

    29 |

    The Spider plugin can also use these cookies when automatically 30 | traversing a site.

    31 |

    The Manual Request plugin has buttons allowing the user to 32 | automatically insert the appropriate cookies into the request, as well 33 | as extracting cookies from any responses.

    34 |
  • Transcoder
  • 35 |

    The Transcoder is a utility window that allows the user to perform 36 | certain manipulations of text. Examples include URL-encoding and 37 | decoding, Base64-encoding and decoding, and MD5 and SHA1 hashes. Data 38 | can be copied to and from the clipboard, and there is also undo/redo 39 | functionality available on the Edit menu.

    40 |
  • Save Configuration
  • 41 |

    WebScarab can store certain configuration options in a properties 42 | file. 43 | This is called WebScarab.properties, and is located in your home 44 | directory (~/ on Unix, and usually Documents and Settings\username\ on 45 | Win32). Examples of data that is saved include upstream Proxy settings, 46 | and settings for various plugins. This properties file is read on 47 | startup if it exists, but is only saved when this option is explicitly 48 | selected.

    49 | 50 | 51 | -------------------------------------------------------------------------------- /frozenlibs/chardet-1.0.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OWASP-WebScarab/d22bd604b981ae2de73cd5d39305ac25c9367d1b/frozenlibs/chardet-1.0.jar -------------------------------------------------------------------------------- /frozenlibs/chardet:chardet:jar:1.0: -------------------------------------------------------------------------------- 1 | chardet-1.0.jar -------------------------------------------------------------------------------- /frozenlibs/htmlparser-1.5.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OWASP-WebScarab/d22bd604b981ae2de73cd5d39305ac25c9367d1b/frozenlibs/htmlparser-1.5.jar -------------------------------------------------------------------------------- /frozenlibs/htmlparser:htmlparser:jar:1.5: -------------------------------------------------------------------------------- 1 | htmlparser-1.5.jar -------------------------------------------------------------------------------- /installer/README: -------------------------------------------------------------------------------- 1 | This installer uses IzPack from www.izforge.com 2 | -------------------------------------------------------------------------------- /installer/izpack.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | WebScarab 4 | ! 
5 | 6 | 7 | 8 | http://owasp.org/development/webscarab 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | The base files 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | The documentation 48 | 49 | 50 | 51 | 52 | 53 | The sources 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | -------------------------------------------------------------------------------- /installer/shortcutSpec.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 21 | 22 | 23 | 24 | 36 | 37 | 38 | 39 | 40 | -------------------------------------------------------------------------------- /installer/useNativeLAF: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OWASP-WebScarab/d22bd604b981ae2de73cd5d39305ac25c9367d1b/installer/useNativeLAF -------------------------------------------------------------------------------- /izpack/install.xml: -------------------------------------------------------------------------------- 1 | 2 | 6 | 7 | WebScarab 8 | ${project.version} 9 | 1.6 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | The WebScarab application 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | -------------------------------------------------------------------------------- /izpack/shortcutSpec.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 18 | 19 | 20 | 32 | 33 | -------------------------------------------------------------------------------- /lib/W32WinInet.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OWASP-WebScarab/d22bd604b981ae2de73cd5d39305ac25c9367d1b/lib/W32WinInet.dll -------------------------------------------------------------------------------- 
/lib/bcpkix-jdk15on-148.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OWASP-WebScarab/d22bd604b981ae2de73cd5d39305ac25c9367d1b/lib/bcpkix-jdk15on-148.jar -------------------------------------------------------------------------------- /lib/bcprov-jdk15on-148.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OWASP-WebScarab/d22bd604b981ae2de73cd5d39305ac25c9367d1b/lib/bcprov-jdk15on-148.jar -------------------------------------------------------------------------------- /lib/bsf-2.3.0.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OWASP-WebScarab/d22bd604b981ae2de73cd5d39305ac25c9367d1b/lib/bsf-2.3.0.jar -------------------------------------------------------------------------------- /lib/bsh-2.0b1.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OWASP-WebScarab/d22bd604b981ae2de73cd5d39305ac25c9367d1b/lib/bsh-2.0b1.jar -------------------------------------------------------------------------------- /lib/chardet.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OWASP-WebScarab/d22bd604b981ae2de73cd5d39305ac25c9367d1b/lib/chardet.jar -------------------------------------------------------------------------------- /lib/commons-logging-1.0.4.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OWASP-WebScarab/d22bd604b981ae2de73cd5d39305ac25c9367d1b/lib/commons-logging-1.0.4.jar -------------------------------------------------------------------------------- /lib/concurrent.jar: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/OWASP/OWASP-WebScarab/d22bd604b981ae2de73cd5d39305ac25c9367d1b/lib/concurrent.jar -------------------------------------------------------------------------------- /lib/flex-messaging-common.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OWASP-WebScarab/d22bd604b981ae2de73cd5d39305ac25c9367d1b/lib/flex-messaging-common.jar -------------------------------------------------------------------------------- /lib/flex-messaging-core.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OWASP-WebScarab/d22bd604b981ae2de73cd5d39305ac25c9367d1b/lib/flex-messaging-core.jar -------------------------------------------------------------------------------- /lib/flex-messaging-remoting.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OWASP-WebScarab/d22bd604b981ae2de73cd5d39305ac25c9367d1b/lib/flex-messaging-remoting.jar -------------------------------------------------------------------------------- /lib/help.jnlp: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | JavaHelp 5 | Sun Microsystems, Inc. 
6 | 7 | 8 | 9 | 10 | 11 | 12 | -------------------------------------------------------------------------------- /lib/htmlparser.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OWASP-WebScarab/d22bd604b981ae2de73cd5d39305ac25c9367d1b/lib/htmlparser.jar -------------------------------------------------------------------------------- /lib/jcifs-1.3.14.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OWASP-WebScarab/d22bd604b981ae2de73cd5d39305ac25c9367d1b/lib/jcifs-1.3.14.jar -------------------------------------------------------------------------------- /lib/jcommon-1.0.16.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OWASP-WebScarab/d22bd604b981ae2de73cd5d39305ac25c9367d1b/lib/jcommon-1.0.16.jar -------------------------------------------------------------------------------- /lib/jfreechart-1.0.13.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OWASP-WebScarab/d22bd604b981ae2de73cd5d39305ac25c9367d1b/lib/jfreechart-1.0.13.jar -------------------------------------------------------------------------------- /lib/jhall-2.0_02.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OWASP-WebScarab/d22bd604b981ae2de73cd5d39305ac25c9367d1b/lib/jhall-2.0_02.jar -------------------------------------------------------------------------------- /lib/joda-time-2.1.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OWASP-WebScarab/d22bd604b981ae2de73cd5d39305ac25c9367d1b/lib/joda-time-2.1.jar -------------------------------------------------------------------------------- /lib/openamf.jar: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OWASP-WebScarab/d22bd604b981ae2de73cd5d39305ac25c9367d1b/lib/openamf.jar -------------------------------------------------------------------------------- /lib/openid4java-0.9.7.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OWASP-WebScarab/d22bd604b981ae2de73cd5d39305ac25c9367d1b/lib/openid4java-0.9.7.jar -------------------------------------------------------------------------------- /lib/p11-capi.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OWASP-WebScarab/d22bd604b981ae2de73cd5d39305ac25c9367d1b/lib/p11-capi.dll -------------------------------------------------------------------------------- /lib/tagsoup-1.0rc2.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OWASP-WebScarab/d22bd604b981ae2de73cd5d39305ac25c9367d1b/lib/tagsoup-1.0rc2.jar -------------------------------------------------------------------------------- /lib/xalan-2.7.1.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OWASP-WebScarab/d22bd604b981ae2de73cd5d39305ac25c9367d1b/lib/xalan-2.7.1.jar -------------------------------------------------------------------------------- /lib/xmlsec-1.4.3.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OWASP-WebScarab/d22bd604b981ae2de73cd5d39305ac25c9367d1b/lib/xmlsec-1.4.3.jar -------------------------------------------------------------------------------- /scripts/forcebrowse.bsh: -------------------------------------------------------------------------------- 1 | import org.owasp.webscarab.model.ConversationID; 2 | import org.owasp.webscarab.model.HttpUrl; 
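import org.owasp.webscarab.model.Request;
import org.owasp.webscarab.model.Response;
import java.io.BufferedReader;
import java.io.FileReader;
import javax.swing.JOptionPane;

// Replays one recorded request against every URL listed in a text file.
// The template request already has the appropriate method, version and
// headers defined; this script only replaces the URL and sends the copy.
String templ = JOptionPane.showInputDialog("Which request shall I use for the template?");
String urlfile = JOptionPane.showInputDialog("Where is the list of URLs to try?");

// showInputDialog() returns null when the dialog is cancelled;
// Integer.parseInt(null) then throws, so nothing is sent in that case.
Request template = scripted.getRequest(Integer.parseInt(templ));

BufferedReader urls = new BufferedReader(new FileReader(urlfile));

// Holds the next URL to try, or null once the list is exhausted.
// getNextRequest() advances it each time a request is constructed.
String url = urls.readLine();

// modify this routine to determine when we are finished
// NB: This can be called multiple times between requests, so it
// should not have any side effects
boolean hasMoreRequests() {
    return url != null;
}

// modify this routine to construct the next request, and update the
// position in the list
Request getNextRequest() {
    // work on a copy so the recorded template itself is never modified
    Request request = new Request(template);
    request.setURL(new HttpUrl(url));
    out.println("Trying " + url);
    url = urls.readLine(); // get the next one to try
    return request;
}

// Stores every response that comes back as a new conversation.
void gotResponse(Response response) {
    scripted.addConversation(response);
}

// call this to fetch them in parallel
// the number of simultaneous connections is controlled by the Scripted plugin
// It is currently hardcoded in the source at 4 simultaneous requests

void fetchParallel() {
    while (scripted.isAsyncBusy() || hasMoreRequests()) {
        // top up the async queue while it has room and URLs remain
        while (scripted.hasAsyncCapacity() && hasMoreRequests()) {
            scripted.submitAsyncRequest(getNextRequest());
        }
        Thread.sleep(100);
        // drain whatever has completed in the meantime
        while (scripted.hasAsyncResponse()) {
            gotResponse(scripted.getAsyncResponse());
        }
    }
}

// Close the URL list when the run ends, including when it ends with an
// exception; the reader was previously left open.
try {
    fetchParallel();
} finally {
    urls.close();
}

--------------------------------------------------------------------------------
/scripts/multipartify.bsh:
--------------------------------------------------------------------------------
/*
 * Multipartify.java - Quick and dirty BeanShell for WebScarab to
 * convert urlencoded POST HTTP requests to multipart requests.
 *
 * Copyright (C) 2007 Meder Kydyraliev
 *
 * http://o0o.nu/~meder
 *
 */
import org.owasp.webscarab.model.Request;
import org.owasp.webscarab.model.Response;
import org.owasp.webscarab.httpclient.HTTPClient;
import org.owasp.webscarab.model.NamedValue;
import java.io.IOException;

// Rewrites the body of a POST request as multipart/form-data, one part per
// name=value pair, then passes the request to the next plugin in the chain.
// Requests that are not POST, or that have no content, are forwarded unchanged.
//
// NOTE(review): the existing Content-Type is not checked, so any POST body is
// split on "&" and "=" whether or not it was urlencoded - confirm that is
// intended.
// NOTE(review): names and values are copied as returned by
// splitNamedValues(); whether that call URL-decodes them is not visible here.
// A name containing a double quote or CR/LF, or a value containing the
// boundary string, would produce a malformed multipart body.
public Response fetchResponse(HTTPClient nextPlugin, Request request) throws IOException {

    private static final String contentType = "multipart/form-data; boundary=o0oo0oo0oo0oo0oo0oo0o";
    private static final String boundary= "\r\n--o0oo0oo0oo0oo0oo0oo0o";
    private static final String contentDisp= "\r\nContent-Disposition: form-data; name=";

    if (request.getMethod().equals("POST") && request.getContent() != null) {
        // ISO-8859-1 maps every byte to one char and back, so the body
        // round-trips unchanged whatever the platform default charset is.
        String body = new String(request.getContent(), "ISO-8859-1");
        StringBuffer newBody = new StringBuffer();
        NamedValue[] postParams = NamedValue.splitNamedValues(body, "&", "=");
        for (int ix=0; ix < postParams.length; ix++) {
            // NOTE(review): a single space is appended after each value and
            // becomes part of the field data - confirm this is intended.
            newBody.append(boundary + contentDisp + "\"" + postParams[ix].getName() + "\"\r\n\r\n" + postParams[ix].getValue() + " ");
        }
        newBody.append(boundary + "--\r\n");
        request.setHeader("Content-Type", contentType);
        // substring(2) drops the CRLF in front of the first boundary
        request.setContent(newBody.substring(2).getBytes("ISO-8859-1"));
    }

    response = nextPlugin.fetchResponse(request);

    return response;
}
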
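--------------------------------------------------------------------------------
/scripts/no-images.bsh:
--------------------------------------------------------------------------------
// Marks the conversation as cancelled when the response declares a
// Content-Type that starts with "image".
response = conversation.getResponse();
// out.println("Got a " + response.status);
type=response.getHeader("Content-Type");
// out.println("With content-type " + type);
if (type!=null && type.startsWith("image")) {
    conversation.setCancelled(true);
}

--------------------------------------------------------------------------------
/scripts/webgoat-session-brute.bsh:
--------------------------------------------------------------------------------
import org.owasp.webscarab.model.ConversationID;
import org.owasp.webscarab.model.HttpUrl;
import org.owasp.webscarab.model.Request;
import org.owasp.webscarab.model.Response;
import javax.swing.JOptionPane;

String templ = JOptionPane.showInputDialog("Which request is the template?");
String seqStr = JOptionPane.showInputDialog("Enter sequence number");
String startStr = JOptionPane.showInputDialog("Enter start time");
String endStr = JOptionPane.showInputDialog("Enter end time");

int template = Integer.parseInt(templ);
long seq = Long.parseLong(seqStr);
long startTime = Long.parseLong(startStr);
long endTime = Long.parseLong(endStr);
// set once a response without the sign-in prompt has been seen;
// hasMoreRequests() tests it
boolean found = false;

// a counter, so we can know when to stop
long time = startTime;

// call this to fetch them in parallel
// the number of simultaneous connections is controlled by the Scripting plugin
// It is currently fixed at 4 simultaneous requests

void fetchParallel() {
    while (hasMoreRequests() || scripted.isAsyncBusy()) {
        while (scripted.hasAsyncCapacity() && hasMoreRequests()) {
            scripted.submitAsyncRequest(getNextRequest());
            Thread.sleep(100);
        }
        if (scripted.hasAsyncResponse()) {
            while (scripted.hasAsyncResponse()) {
                response = scripted.getAsyncResponse();
                request = response.getRequest();
                String body = new String(response.getContent());
                if (body.indexOf("Please sign in to your account") == -1) {
                    // Set the script-level flag that hasMoreRequests() reads,
                    // so no further requests are submitted after a hit. The
                    // flag assigned here before was "done", a name nothing
                    // else in the visible script declares or reads.
                    found = true;
                    ConversationID id = scripted.addConversation(response);
                    out.println("Success with conversation " + id);
                }
            }
        } else {
            Thread.sleep(100);
        }
    }
}

46 | // modify this routine to determine when we are finished 47 | boolean hasMoreRequests() { 48 | return !found && time urls = new ArrayList(); 16 | findJars(dir, urls); 17 | ClassLoader loader = ClassLoader.getSystemClassLoader(); 18 | if (urls.size() > 0) { 19 | URL[] u = urls.toArray(new URL[urls.size()]); 20 | System.out.println("Creating new ClassLoader"); 21 | Thread.currentThread().setContextClassLoader(new URLClassLoader(u, loader)); 22 | } else { 23 | System.err.println("No plugins found!"); 24 | } 25 | WebScarab.main(args); 26 | } 27 | 28 | private static void findJars(File dir, List urls) { 29 | if (!dir.isDirectory()) 30 | return; 31 | FilenameFilter filter = new FilenameFilter() { 32 | public boolean accept(File dir, String name) { 33 | return name.endsWith(".jar") || new File(dir, name).isDirectory(); 34 | } 35 | }; 36 | String[] items = dir.list(filter); 37 | if (items == null) 38 | return; 39 | for (int i=0; iStoreException without detail message. 55 | */ 56 | public StoreException() { 57 | } 58 | 59 | 60 | /** 61 | * Constructs an instance of StoreException with the specified detail message. 62 | * @param msg the detail message.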
*/
    public StoreException(String msg) {
        super(msg);
    }

    /**
     * Constructs an instance of StoreException with the specified detail
     * message and cause; both are handed to the superclass constructor.
     * @param msg the detail message.
     * @param cause the underlying cause.
     */
    public StoreException(String msg, Throwable cause) {
        super(msg, cause);
    }

}

--------------------------------------------------------------------------------
/src/org/owasp/webscarab/model/UrlEvent.java:
--------------------------------------------------------------------------------
/*
 * UrlEvent.java
 *
 * Created on 13 April 2005, 04:03
 */

package org.owasp.webscarab.model;

import java.util.EventObject;

/**
 * Event object that carries an {@link HttpUrl} and an integer position
 * alongside the event source.
 *
 * @author rogan
 */
public class UrlEvent extends EventObject {

    private static final long serialVersionUID = -2563329935372684632L;

    // the URL this event refers to, exactly as passed to the constructor
    private HttpUrl _url;
    // presumably the index of the URL among its siblings - confirm against callers
    private int _position;

    /**
     * Creates a new instance of UrlEvent.
     *
     * @param source the object on which the event occurred
     * @param url the URL the event refers to
     * @param position the position reported with the event
     */
    public UrlEvent(Object source, HttpUrl url, int position) {
        super(source);
        this._url = url;
        this._position = position;
    }

    /**
     * @return the URL given at construction
     */
    public HttpUrl getUrl() {
        return this._url;
    }

    /**
     * @return the position given at construction
     */
    public int getPosition() {
        return this._position;
    }
}

--------------------------------------------------------------------------------
/src/org/owasp/webscarab/model/UrlListener.java:
--------------------------------------------------------------------------------
/*
 * UrlListener.java
 *
 * Created on 13 April 2005, 04:01
 */

package org.owasp.webscarab.model;

import java.util.EventListener;

/**
 * Listener interface for {@link UrlEvent} notifications. When each callback
 * fires is decided by the notifying model, which is not part of this file;
 * the method names suggest add, change and remove notifications for single
 * URLs plus a bulk "everything changed" signal.
 *
 * @author rogan
 */
public interface UrlListener extends EventListener {

    /** @param evt the event describing the URL concerned */
    void urlAdded(UrlEvent evt);

    /** @param evt the event describing the URL concerned */
    void urlChanged(UrlEvent evt);

    /** @param evt the event describing the URL concerned */
    void urlRemoved(UrlEvent evt);

    /** Takes no event argument, so no single URL is identified. */
    void urlsChanged();

}

--------------------------------------------------------------------------------
/src/org/owasp/webscarab/model/UrlModel.java:
--------------------------------------------------------------------------------
/*
 * UrlModel.java
 *
 * Created on 13 April 2005, 03:58
 */

package org.owasp.webscarab.model;

import EDU.oswego.cs.dl.util.concurrent.Sync;

/**
 * Read access to a collection of {@link HttpUrl}s addressed by parent and
 * index, plus listener registration. The parent/index signatures suggest a
 * tree of URLs; the exact contract is defined by the implementations, which
 * are not part of this file.
 *
 * @author rogan
 */
public interface UrlModel {

    /**
     * @param parent the URL whose children are counted
     * @return the number of children of {@code parent}
     */
    int getChildCount(HttpUrl parent);

    /**
     * @param parent the URL whose child is requested
     * @param index position of the child under {@code parent}
     * @return the child at {@code index}
     */
    HttpUrl getChildAt(HttpUrl parent, int index);

    /**
     * @param url the URL to locate
     * @return the index of {@code url}; presumably its position under its
     *         parent - confirm against the implementations
     */
    int getIndexOf(HttpUrl url);

    /**
     * @return the {@link Sync} that guards reads of this model; callers are
     *         presumably expected to acquire it before reading - confirm
     */
    Sync readLock();

    /** @param listener the listener to register */
    void addUrlListener(UrlListener listener);

    /** @param listener the listener to unregister */
    void removeUrlListener(UrlListener listener);

}

--------------------------------------------------------------------------------
/src/org/owasp/webscarab/parser/ContentParser.java:
--------------------------------------------------------------------------------
/***********************************************************************
 *
 * $CVSHeader$
 *
 * This file is part of WebScarab, an Open Web Application Security
 * Project utility. For details, please see http://www.owasp.org/
 *
 * Copyright (c) 2002 - 2004 Rogan Dawes
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*
 * Getting Source
 * ==============
 *
 * Source for this application is maintained at Sourceforge.net, a
 * repository for free software projects.
 *
 * For details, please see http://www.sourceforge.net/projects/owasp
 *
 */

/*
 * ContentParser.java
 *
 * Created on June 24, 2004, 11:42 PM
 */

package org.owasp.webscarab.parser;

import org.owasp.webscarab.model.Message;
import org.owasp.webscarab.model.HttpUrl;

/**
 * The methods required by a class that can parse the content of a message
 * @author knoppix
 */
public interface ContentParser {

    /**
     * Parses the body of the message and returns a parsed representation.
     * The result is typed as {@code Object}, so callers have to know which
     * concrete type a given parser produces.
     *
     * @param url the URL passed along with the message; how implementations
     *            use it is not visible in this file
     * @param message the Message to parse
     * @return the parsed representation of the message body
     */
    Object parseMessage(HttpUrl url, Message message);

}

--------------------------------------------------------------------------------
/src/org/owasp/webscarab/plugin/BasicCredential.java:
--------------------------------------------------------------------------------
/*
 * BasicCredential.java
 *
 * Created on 04 January 2006, 09:20
 *
 * To change this template, choose Tools | Options and locate the template under
 * the Source Creation and Management node. Right-click the template and choose
 * Open. You can then make changes to the template in the Source Editor.
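*/

package org.owasp.webscarab.plugin;

/**
 * Immutable holder for a host, realm, username and password; presumably one
 * HTTP Basic authentication credential - confirm against the callers.
 *
 * The password is kept as a plain {@code String} for the lifetime of the
 * object and {@link #getPassword()} returns it unchanged, so instances
 * should be kept out of log output and debug dumps. The class defines no
 * {@code toString()}, so the default one does not print any field.
 *
 * @author rdawes
 */
public class BasicCredential {

    // assigned once in the constructor; there are no setters
    private final String _host;
    private final String _realm;
    private final String _username;
    private final String _password;

    /**
     * Creates a new instance of BasicCredential. No argument is validated;
     * each is stored as given.
     *
     * @param host the host the credential applies to
     * @param realm the realm the credential applies to
     * @param username the username
     * @param password the password, stored in clear
     */
    public BasicCredential(String host, String realm, String username, String password) {
        _host = host;
        _realm = realm;
        _username = username;
        _password = password;
    }

    /** @return the host given at construction */
    public String getHost() {
        return _host;
    }

    /** @return the realm given at construction */
    public String getRealm() {
        return _realm;
    }

    /** @return the username given at construction */
    public String getUsername() {
        return _username;
    }

    /** @return the clear-text password given at construction */
    public String getPassword() {
        return _password;
    }

}

--------------------------------------------------------------------------------
/src/org/owasp/webscarab/plugin/CredentialManagerUI.java:
--------------------------------------------------------------------------------
/*
 * CredentialManagerUI.java
 *
 * Created on 04 January 2006, 09:09
 *
 * To change this template, choose Tools | Options and locate the template under
 * the Source Creation and Management node. Right-click the template and choose
 * Open. You can then make changes to the template in the Source Editor.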
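*/

package org.owasp.webscarab.plugin;

/**
 * Callback through which credentials are requested from a user interface.
 *
 * @author rdawes
 */
public interface CredentialManagerUI {

    /**
     * @param host the host the credentials are needed for
     * @param challenges the challenges received; presumably the
     *                   authentication challenge header values - confirm
     */
    void requestCredentials(String host, String[] challenges);

}

--------------------------------------------------------------------------------
/src/org/owasp/webscarab/plugin/DomainCredential.java:
--------------------------------------------------------------------------------
/*
 * DomainCredential.java
 *
 * Created on 04 January 2006, 09:23
 *
 * To change this template, choose Tools | Options and locate the template under
 * the Source Creation and Management node. Right-click the template and choose
 * Open. You can then make changes to the template in the Source Editor.
 */

package org.owasp.webscarab.plugin;

/**
 * Immutable holder for a host, domain, username and password; presumably a
 * credential for domain-based (NTLM-style) authentication - confirm against
 * the callers.
 *
 * The password is kept as a plain {@code String} for the lifetime of the
 * object and {@link #getPassword()} returns it unchanged, so instances
 * should be kept out of log output and debug dumps. The class defines no
 * {@code toString()}, so the default one does not print any field.
 *
 * @author rdawes
 */
public class DomainCredential {

    // assigned once in the constructor; there are no setters
    private final String _host;
    private final String _domain;
    private final String _username;
    private final String _password;

    /**
     * Creates a new instance of DomainCredential. No argument is validated;
     * each is stored as given.
     *
     * @param host the host the credential applies to
     * @param domain the domain the account belongs to
     * @param username the username
     * @param password the password, stored in clear
     */
    public DomainCredential(String host, String domain, String username, String password) {
        _host = host;
        _domain = domain;
        _username = username;
        _password = password;
    }

    /** @return the host given at construction */
    public String getHost() {
        return _host;
    }

    /** @return the domain given at construction */
    public String getDomain() {
        return _domain;
    }

    /** @return the username given at construction */
    public String getUsername() {
        return _username;
    }

    /** @return the clear-text password given at construction */
    public String getPassword() {
        return _password;
    }

}

--------------------------------------------------------------------------------
/src/org/owasp/webscarab/plugin/FrameworkUI.java:
--------------------------------------------------------------------------------
/***********************************************************************
 *
 * $CVSHeader$
 *
 * This file is part of WebScarab, an Open Web Application Security
 * Project utility.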
For details, please see http://www.owasp.org/ 7 | * 8 | * Copyright (c) 2002 - 2004 Rogan Dawes 9 | * 10 | * This program is free software; you can redistribute it and/or 11 | * modify it under the terms of the GNU General Public License 12 | * as published by the Free Software Foundation; either version 2 13 | * of the License, or (at your option) any later version. 14 | * 15 | * This program is distributed in the hope that it will be useful, 16 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 17 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 18 | * GNU General Public License for more details. 19 | * 20 | * You should have received a copy of the GNU General Public License 21 | * along with this program; if not, write to the Free Software 22 | * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 23 | * 24 | * Getting Source 25 | * ============== 26 | * 27 | * Source for this application is maintained at Sourceforge.net, a 28 | * repository for free software projects. 
29 | * 30 | * For details, please see http://www.sourceforge.net/projects/owasp 31 | * 32 | */ 33 | 34 | /* 35 | * FrameworkUI.java 36 | * 37 | * Created on September 7, 2004, 6:00 PM 38 | */ 39 | 40 | package org.owasp.webscarab.plugin; 41 | 42 | /** 43 | * specifies the interface between framework and its user interface 44 | * @author knoppix 45 | */ 46 | public interface FrameworkUI { 47 | 48 | 49 | } 50 | -------------------------------------------------------------------------------- /src/org/owasp/webscarab/plugin/Hook.java: -------------------------------------------------------------------------------- 1 | /* 2 | * Hook.java 3 | * 4 | * Created on 07 January 2005, 05:19 5 | */ 6 | 7 | package org.owasp.webscarab.plugin; 8 | 9 | import java.util.List; 10 | import java.util.ArrayList; 11 | import java.util.logging.Logger; 12 | 13 | import org.apache.bsf.BSFManager; 14 | import org.apache.bsf.BSFException; 15 | 16 | /** 17 | * 18 | * @author rogan 19 | */ 20 | public class Hook { 21 | 22 | private String _name; 23 | private String _description; 24 | private List 9 | &{[code]}; 10 | 11 | 12 |