├── .gitignore ├── 1st.html ├── ChangeLog ├── INSTALL ├── LICENSE ├── LICENSE.md ├── README ├── WebScarab.jnlp ├── build.xml ├── doc ├── WebScarab-Howto.txt ├── architecture.html ├── cert.sh ├── certificates.html └── userguide │ ├── proxies.png │ ├── swing.xml │ ├── tools.html │ └── using.html ├── frozenlibs ├── chardet-1.0.jar ├── chardet:chardet:jar:1.0 ├── htmlparser-1.5.jar └── htmlparser:htmlparser:jar:1.5 ├── installer ├── README ├── izpack.xml ├── shortcutSpec.xml └── useNativeLAF ├── izpack ├── install.xml └── shortcutSpec.xml ├── lib ├── W32WinInet.dll ├── bcpkix-jdk15on-148.jar ├── bcprov-jdk15on-148.jar ├── bsf-2.3.0.jar ├── bsh-2.0b1.jar ├── chardet.jar ├── commons-logging-1.0.4.jar ├── concurrent.jar ├── flex-messaging-common.jar ├── flex-messaging-core.jar ├── flex-messaging-remoting.jar ├── help.jnlp ├── htmlparser.jar ├── jcifs-1.3.14.jar ├── jcommon-1.0.16.jar ├── jfreechart-1.0.13.jar ├── jhall-2.0_02.jar ├── joda-time-2.1.jar ├── openamf.jar ├── openid4java-0.9.7.jar ├── p11-capi.dll ├── tagsoup-1.0rc2.jar ├── xalan-2.7.1.jar └── xmlsec-1.4.3.jar ├── pom.xml ├── scripts ├── forcebrowse.bsh ├── google-get.bsh ├── hacmebank-login-sequential.bsh ├── hacmebank-login.bsh ├── hacmebank-post-message.bsh ├── multipartify.bsh ├── no-images.bsh └── webgoat-session-brute.bsh ├── server.p12 ├── src ├── javax │ └── net │ │ └── ssl │ │ └── X509ExtendedTrustManager.java ├── no │ └── geosoft │ │ └── cc │ │ └── ui │ │ └── SplashScreen.java └── org │ └── owasp │ └── webscarab │ ├── LICENSE.java │ ├── Main.java │ ├── WebScarab.java │ ├── httpclient │ ├── AbstractCertificateRepository.java │ ├── AliasKeyManager.java │ ├── Authenticator.java │ ├── CertificateRepository.java │ ├── ChunkedInputStream.java │ ├── ChunkedOutputStream.java │ ├── ClientTrustManager.java │ ├── ConversationHandler.java │ ├── FetcherQueue.java │ ├── FixedLengthInputStream.java │ ├── HTTPClient.java │ ├── HTTPClientFactory.java │ ├── SSLContextManager.java │ └── URLFetcher.java │ ├── model │ 
├── AbstractConversationModel.java │ ├── AbstractUrlModel.java │ ├── ConversationEvent.java │ ├── ConversationID.java │ ├── ConversationListener.java │ ├── ConversationModel.java │ ├── Cookie.java │ ├── FileSystemStore.java │ ├── FilteredConversationModel.java │ ├── FilteredUrlModel.java │ ├── FrameworkEvent.java │ ├── FrameworkListener.java │ ├── FrameworkModel.java │ ├── HttpUrl.java │ ├── Message.java │ ├── MultiPartContent.java │ ├── NamedValue.java │ ├── Preferences.java │ ├── Request.java │ ├── Response.java │ ├── SiteModelStore.java │ ├── StoreException.java │ ├── UrlEvent.java │ ├── UrlListener.java │ └── UrlModel.java │ ├── parser │ ├── ContentParser.java │ ├── HTMLParser.java │ └── Parser.java │ ├── plugin │ ├── AbstractPluginModel.java │ ├── BasicCredential.java │ ├── CredentialManager.java │ ├── CredentialManagerUI.java │ ├── DomainCredential.java │ ├── Framework.java │ ├── FrameworkModelWrapper.java │ ├── FrameworkUI.java │ ├── Hook.java │ ├── Plugin.java │ ├── PluginUI.java │ ├── SSLKeyManager.java │ ├── Script.java │ ├── ScriptListener.java │ ├── ScriptManager.java │ ├── ScriptableConversation.java │ ├── compare │ │ ├── Compare.java │ │ ├── CompareModel.java │ │ └── swing │ │ │ ├── ComparePanel.form │ │ │ └── ComparePanel.java │ ├── extensions │ │ ├── Extensions.java │ │ ├── ExtensionsModel.java │ │ └── swing │ │ │ ├── ExtensionsPanel.form │ │ │ └── ExtensionsPanel.java │ ├── fragments │ │ ├── FileSystemStore.java │ │ ├── FragmentListener.java │ │ ├── Fragments.java │ │ ├── FragmentsModel.java │ │ ├── FragmentsStore.java │ │ └── swing │ │ │ ├── FragmentsFrame.form │ │ │ ├── FragmentsFrame.java │ │ │ ├── FragmentsPanel.form │ │ │ └── FragmentsPanel.java │ ├── fuzz │ │ ├── FuzzFactory.java │ │ ├── FuzzSource.java │ │ ├── Fuzzer.java │ │ ├── FuzzerEvent.java │ │ ├── FuzzerListener.java │ │ ├── FuzzerModel.java │ │ ├── Parameter.java │ │ ├── RegexSource.java │ │ ├── Signature.java │ │ ├── sql.txt │ │ ├── swing │ │ │ ├── FuzzerPanel.form │ │ │ └── 
FuzzerPanel.java │ │ └── xss.txt │ ├── identity │ │ ├── CookieTokenParser.java │ │ ├── FileSystemStore.java │ │ ├── Identity.java │ │ ├── IdentityModel.java │ │ ├── IdentityStore.java │ │ ├── ScriptableIdentity.java │ │ ├── TokenParser.java │ │ ├── Transition.java │ │ └── swing │ │ │ ├── IdentityPanel.java │ │ │ └── SelectTokenDialog.java │ ├── manualrequest │ │ ├── ManualRequest.java │ │ ├── ManualRequestModel.java │ │ ├── ManualRequestUI.java │ │ └── swing │ │ │ ├── ManualRequestPanel.form │ │ │ └── ManualRequestPanel.java │ ├── openid │ │ ├── AXFetchRequestAttribute.java │ │ ├── AXFetchResponseAttribute.java │ │ ├── OpenId.java │ │ ├── OpenIdHTTPClient.java │ │ ├── OpenIdModel.java │ │ ├── OpenIdProxy.java │ │ ├── OpenIdProxyConfig.java │ │ ├── PAPEResponse.java │ │ └── swing │ │ │ ├── AXFetchRequestTableModel.java │ │ │ ├── AXFetchResponseTableModel.java │ │ │ ├── AssociationOPUrlAction.java │ │ │ ├── AssociationSessionComboBoxModel.java │ │ │ ├── AssociationTableModel.java │ │ │ ├── OpenIdPanel.form │ │ │ ├── OpenIdPanel.java │ │ │ └── ParametersTableModel.java │ ├── proxy │ │ ├── BeanShell.java │ │ ├── BeanShellUI.java │ │ ├── BrowserCache.java │ │ ├── ConnectionHandler.java │ │ ├── CookieTracker.java │ │ ├── Listener.java │ │ ├── ListenerSpec.java │ │ ├── ManualEdit.java │ │ ├── ManualEditUI.java │ │ ├── Proxy.java │ │ ├── ProxyPlugin.java │ │ ├── ProxyUI.java │ │ ├── RevealHidden.java │ │ ├── SSLSocketFactoryFactory.java │ │ ├── ScriptableConnection.java │ │ └── swing │ │ │ ├── BeanShellPanel.form │ │ │ ├── BeanShellPanel.java │ │ │ ├── ListenerTableModel.java │ │ │ ├── ManualEditFrame.form │ │ │ ├── ManualEditFrame.java │ │ │ ├── ManualEditPanel.form │ │ │ ├── ManualEditPanel.java │ │ │ ├── MiscPanel.form │ │ │ ├── MiscPanel.java │ │ │ ├── ProxyPanel.form │ │ │ ├── ProxyPanel.java │ │ │ └── ProxyPluginUI.java │ ├── saml │ │ ├── Occurences.java │ │ ├── Saml.java │ │ ├── SamlCertificateRepository.java │ │ ├── SamlHTTPClient.java │ │ ├── SamlModel.java │ │ 
├── SamlProxy.java │ │ ├── SamlProxyConfig.java │ │ ├── SamlProxyListener.java │ │ ├── SamlSignatureException.java │ │ ├── SignatureType.java │ │ ├── VerifyReference.java │ │ ├── Wrapper.java │ │ └── swing │ │ │ ├── AttributesTableModel.java │ │ │ ├── CertPathTreeModel.java │ │ │ ├── OpenBrowserAction.java │ │ │ ├── SamlExportConversationAction.java │ │ │ ├── SamlPanel.form │ │ │ ├── SamlPanel.java │ │ │ └── SamlReplayConversationAction.java │ ├── scripted │ │ ├── Scripted.java │ │ ├── ScriptedObjectModel.java │ │ ├── ScriptedUI.java │ │ ├── script.bsh │ │ └── swing │ │ │ ├── ScriptedPanel.form │ │ │ └── ScriptedPanel.java │ ├── search │ │ ├── Search.java │ │ ├── SearchModel.java │ │ └── swing │ │ │ ├── SearchPanel.form │ │ │ └── SearchPanel.java │ ├── sessionid │ │ ├── Calculator.java │ │ ├── DefaultCalculator.java │ │ ├── FileSystemStore.java │ │ ├── SessionID.java │ │ ├── SessionIDAnalysis.java │ │ ├── SessionIDAnalysisUI.java │ │ ├── SessionIDListener.java │ │ ├── SessionIDModel.java │ │ ├── SessionIDStore.java │ │ └── swing │ │ │ ├── BigRenderer.java │ │ │ ├── SessionIDPanel.form │ │ │ └── SessionIDPanel.java │ ├── spider │ │ ├── Link.java │ │ ├── Spider.java │ │ ├── SpiderModel.java │ │ ├── SpiderUI.java │ │ └── swing │ │ │ ├── SpiderPanel.form │ │ │ └── SpiderPanel.java │ ├── wsfed │ │ ├── WSFederation.java │ │ ├── WSFederationModel.java │ │ └── swing │ │ │ ├── ParametersTableModel.java │ │ │ ├── WSFederationPanel.form │ │ │ └── WSFederationPanel.java │ └── xsscrlf │ │ ├── XSSCRLF.java │ │ ├── XSSCRLFModel.java │ │ └── swing │ │ ├── XSSCRLFPanel.form │ │ └── XSSCRLFPanel.java │ ├── ui │ └── swing │ │ ├── CertificateManager.form │ │ ├── CertificateManager.java │ │ ├── ColumnWidthTracker.java │ │ ├── ContentPanel.form │ │ ├── ContentPanel.java │ │ ├── ConversationListModel.java │ │ ├── ConversationPanel.form │ │ ├── ConversationPanel.java │ │ ├── ConversationRenderer.java │ │ ├── ConversationTableModel.java │ │ ├── CookieJarViewer.form │ │ ├── 
CookieJarViewer.java │ │ ├── CredentialManagerFrame.form │ │ ├── CredentialManagerFrame.java │ │ ├── CredentialRequestDialog.form │ │ ├── CredentialRequestDialog.java │ │ ├── DateRenderer.java │ │ ├── EnabledBooleanTableCellRenderer.java │ │ ├── HeaderPanel.form │ │ ├── HeaderPanel.java │ │ ├── Lite.form │ │ ├── Lite.java │ │ ├── MessagePanel.form │ │ ├── MessagePanel.java │ │ ├── ProxyConfig.form │ │ ├── ProxyConfig.java │ │ ├── RequestPanel.form │ │ ├── RequestPanel.java │ │ ├── ResponsePanel.form │ │ ├── ResponsePanel.java │ │ ├── ScriptManagerFrame.form │ │ ├── ScriptManagerFrame.java │ │ ├── ShowConversationAction.java │ │ ├── SummaryPanel.form │ │ ├── SummaryPanel.java │ │ ├── SwingPluginUI.java │ │ ├── TagConversationAction.java │ │ ├── TranscoderFrame.form │ │ ├── TranscoderFrame.java │ │ ├── UIFramework.form │ │ ├── UIFramework.java │ │ ├── UrlFilteredConversationModel.java │ │ ├── UrlTreeModelAdapter.java │ │ ├── UrlTreeRenderer.java │ │ ├── UrlTreeTableModelAdapter.java │ │ ├── WebScarabUI.java │ │ └── editors │ │ ├── AMFPanel.java │ │ ├── ByteArrayEditor.java │ │ ├── EditorFactory.java │ │ ├── HTMLPanel.form │ │ ├── HTMLPanel.java │ │ ├── HexPanel.form │ │ ├── HexPanel.java │ │ ├── ImagePanel.form │ │ ├── ImagePanel.java │ │ ├── MultiPartPanel.form │ │ ├── MultiPartPanel.java │ │ ├── MyHTMLEditorKit.java │ │ ├── ObjectPanel.form │ │ ├── ObjectPanel.java │ │ ├── RegexSearcher.java │ │ ├── SearchDialog.form │ │ ├── SearchDialog.java │ │ ├── SerializedObjectPanel.java │ │ ├── TextPanel.form │ │ ├── TextPanel.java │ │ ├── UrlEncodedPanel.form │ │ ├── UrlEncodedPanel.java │ │ ├── XMLPanel.form │ │ └── XMLPanel.java │ ├── util │ ├── CharsetUtils.java │ ├── DOMHandler.java │ ├── Diff.java │ ├── Encoding.java │ ├── Glob.java │ ├── HtmlEncoder.java │ ├── LevenshteinDistance.java │ ├── LogInputStream.java │ ├── LogOutputStream.java │ ├── MRUCache.java │ ├── NullComparator.java │ ├── RFC2822.java │ ├── ReentrantReaderPreferenceReadWriteLock.java │ ├── 
RegexExpansion.java │ ├── RequestConverter.java │ ├── SunCertificateUtils.java │ ├── TempDir.java │ ├── TextFormatter.java │ ├── W32WinInet.c │ ├── W32WinInet.java │ └── swing │ │ ├── AbstractTreeModel.java │ │ ├── ColumnDataEvent.java │ │ ├── ColumnDataListener.java │ │ ├── ColumnDataModel.java │ │ ├── DOMTreeModel.java │ │ ├── DiffPanel.java │ │ ├── DocumentHandler.java │ │ ├── DocumentOutputStream.java │ │ ├── ExceptionHandler.form │ │ ├── ExceptionHandler.java │ │ ├── ExtensibleTableModel.java │ │ ├── GloballyContextSensitiveAction.java │ │ ├── HeapMonitor.java │ │ ├── JTreeTable.java │ │ ├── ListComboBoxModel.java │ │ ├── MultiLineCellRenderer.java │ │ ├── MultiLineTreeCellRenderer.java │ │ ├── NoWrapEditorKit.java │ │ ├── ProgrammaticConversationColumnDataModel.java │ │ ├── SwingWorker.java │ │ ├── TableSorter.java │ │ ├── TextComponentContextMenu.java │ │ ├── TreeUtil.java │ │ └── treetable │ │ ├── AbstractCellEditor.java │ │ ├── AbstractTreeTableModel.java │ │ ├── DefaultTreeTableModel.java │ │ ├── TreeTableModel.java │ │ ├── TreeTableModelAdapter.java │ │ └── TreeTableModelEvent.java │ └── webscarab_logo.gif ├── test ├── java │ └── test │ │ └── unit │ │ └── org │ │ └── owasp │ │ └── webscarab │ │ ├── plugin │ │ └── saml │ │ │ └── SamlTest.java │ │ └── util │ │ └── SunCertificateUtilsTest.java └── resources │ ├── log4j.xml │ └── test-saml-response-encrypted-attribute.xml └── webscarab_logo.gif /.gitignore: -------------------------------------------------------------------------------- 1 | .classpath 2 | .externalToolBuilders/ 3 | .keystore 4 | .project 5 | maven-eclipse.xml 6 | nbactions.xml 7 | target/ 8 | build/ 9 | dist/ 10 | doc/ 11 | webscarab*.jar 12 | *~ 13 | -------------------------------------------------------------------------------- /ChangeLog: -------------------------------------------------------------------------------- 1 | Please see http://dawes.za.net/gitweb.cgi?p=rogan/webscarab/webscarab.git;a=summary 2 | for an up to date list of 
changes to WebScarab 3 | -------------------------------------------------------------------------------- /INSTALL: -------------------------------------------------------------------------------- 1 | /* 2 | * $Source: /cvsroot/owasp/webscarab/INSTALL,v $ 3 | * Copyright (c) 2002 owasp.org. 4 | * This file is part of WebScarab. 5 | * WebScarab is free software; you can redistribute it and/or modify 6 | * it under the terms of the GNU General Public License as published by 7 | * the Free Software Foundation; either version 2 of the License, or 8 | * (at your option) any later version. 9 | * 10 | * WebScarab is distributed in the hope that it will be useful, 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | * GNU General Public License for more details. 14 | * 15 | * The valid license text for this file can be retrieved with 16 | * the call: java -cp owasp.jar org.owasp.webscarab.LICENSE 17 | * 18 | * If you are not able to view the LICENSE that way, which should 19 | * always be possible within a valid and working WebScarab release, 20 | * please write to the Free Software Foundation, Inc., 21 | * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 22 | */ 23 | 24 | This is the WebScarab OpenSource project, hosted at 25 | http://www.owasp.org/webscarab. 26 | All source code and development stuff is done under 27 | http://sourceforge.net/projects/owasp 28 | 29 | Prior to building WebScarab, you should download the various 30 | libraries that it depends on. You can see the list in the ant build.xml 31 | file, in this directory. If you got this file by checking out the source 32 | from the WebScarab CVS repository, you should have the required libraries 33 | already. 34 | 35 | WebScarab uses the Apache Ant build tool. In order to build WebScarab, you 36 | should use a reasonably recent version of Ant. 
37 | 38 | There are two Ant build tasks that depend on external tools, IzPack and 39 | ProGuard. You are only likely to need these tools if you plan to build 40 | redistributable images of WebScarab. i.e. an installer, or the self-contained 41 | jar. There should be no problem running the common build tasks if you do not 42 | have these external tools. 43 | 44 | // end of $Source: /cvsroot/owasp/webscarab/INSTALL,v $ 45 | -------------------------------------------------------------------------------- /README: -------------------------------------------------------------------------------- 1 | This is the WebScarab OpenSource project, hosted at 2 | http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project 3 | 4 | It aims to become a tool that may be used automatically or interactively 5 | to test web applications for their security. 6 | WebScarab is written in 100% pure java and designed using a fairly clean 7 | set of interfaces to allow for removal and substitution of existing 8 | components, or addition of new analysis systems. 9 | 10 | For more details, please see the URL above. 11 | -------------------------------------------------------------------------------- /doc/certificates.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 |
5 |WebScarab reads certificates stored in the PKCS12 format, which can be created 10 | or converted to by tools such as OpenSSL. PKCS12 is also one of the formats that 11 | Internet Explorer and Mozilla/Navigator, etc can import and export.
12 |Since the PKCS12 format requires a password, WebScarab uses a password of 13 | "password" (without the quotes). This password is hard-coded into the source of WebScarab.
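14 |Note that this is not an important password, so there is no point in changing it! It is published in the WebScarab source, and the stock server.p12 that it opens ships with every copy of the tool, so neither the password nor the private key inside that file is a secret.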
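15 |If you decide you want to create your own certificates, for whatever reason, 16 | here are some instructions for doing so using OpenSSL. The key size and digest used in the commands below (1024-bit RSA, SHA-1) are the ones this guide was written with; both are considered weak today, so substitute a larger key size and a SHA-2 digest if the certificate is meant for anything beyond local testing: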
17 |First create the private key:
18 |19 | openssl genrsa 1024 > server.key 20 |21 |
Then create the corresponding self-signed certificate:
22 |23 | openssl req -new -x509 -nodes -sha1 -days 3650 -key server.key > server.crt 24 |25 |
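Finally, wrap both the key and the certificate into a PKCS12 formatted file (when OpenSSL prompts for an export password, enter the password that WebScarab expects, as described above, otherwise WebScarab will not be able to open the file):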
26 |27 | openssl pkcs12 -export -out server.p12 -in server.crt -inkey server.key -name "WebScarab" 28 |29 |
Place the resulting "server.p12" file in the root of the webscarab 30 | installation directory, in place of the existing server.p12 file
31 |Initial support for client certificates exists now, so you should be 32 | able to do similar operations for the client certificate and keys, 33 | calling the file "client.p12"
34 |35 | NOTE that WebScarab looks for the certificate and key files IN the 36 | webscarab.jar, so you will have to rebuild the jar file with your 37 | updated certificate files, otherwise they will not be used!
38 | 39 | 40 | 41 | -------------------------------------------------------------------------------- /doc/userguide/proxies.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OWASP-WebScarab/d22bd604b981ae2de73cd5d39305ac25c9367d1b/doc/userguide/proxies.png -------------------------------------------------------------------------------- /doc/userguide/tools.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 |This menu allows you to specify any upstream proxies that may be 10 | required to access the target websites. You can specify different 11 | proxies for HTTP and HTTPS. The proxy exclusion list DOES NOT WORK YET, 12 | due to the developers not needing this functionality. If you need it, 13 | please have a go at implementing it yourself, and send patches to the 14 | developers.
15 |This displays a "Shared Cookie jar". This cookie jar is shared 17 | between 18 | the Proxy, Spider and Manual Request plugins. The various cookies are 19 | available in a drop-down list, and the main table shows what values 20 | that cookie has had in the past.
21 |The Proxy plugin can be configured to record all cookies that it 22 | sees 23 | from the servers, and insert those cookies into requests that "should" 24 | have them. This may be useful if you are using multiple browsers, and 25 | want to share a session between them. Be careful, since flushing 26 | cookies from the browser may not have the effect that you expect, since 27 | WebScarab will insert the most recent cookie it knows about into the 28 | requests that it sees. (This can be disabled.)
29 |The Spider plugin can also use these cookies when automatically 30 | traversing a site.
31 |The Manual Request plugin has buttons allowing the user to 32 | automatically insert the appropriate cookies into the request, as well 33 | as extracting cookies from any responses.
34 |The Transcoder is a utility window that allows the user to perform 36 | certain manipulations of text. Examples include URL-encoding and 37 | decoding, Base64-encoding and decoding, and MD5 and SHA1 hashes. Data 38 | can be copied to and from the clipboard, and there is also undo/redo 39 | functionality available on the Edit menu.
40 |WebScarab can store certain configuration options in a properties 42 | file. 43 | This is called WebScarab.properties, and is located in your home 44 | directory (~/ on Unix, and usually Documents and Settings\username\ on 45 | Win32). Examples of data that is saved include upstream Proxy settings, 46 | and settings for various plugins. This properties file is read on 47 | startup if it exists, but is only saved when this option is explicitly 48 | selected.
49 | 50 | 51 | -------------------------------------------------------------------------------- /frozenlibs/chardet-1.0.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OWASP-WebScarab/d22bd604b981ae2de73cd5d39305ac25c9367d1b/frozenlibs/chardet-1.0.jar -------------------------------------------------------------------------------- /frozenlibs/chardet:chardet:jar:1.0: -------------------------------------------------------------------------------- 1 | chardet-1.0.jar -------------------------------------------------------------------------------- /frozenlibs/htmlparser-1.5.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OWASP-WebScarab/d22bd604b981ae2de73cd5d39305ac25c9367d1b/frozenlibs/htmlparser-1.5.jar -------------------------------------------------------------------------------- /frozenlibs/htmlparser:htmlparser:jar:1.5: -------------------------------------------------------------------------------- 1 | htmlparser-1.5.jar -------------------------------------------------------------------------------- /installer/README: -------------------------------------------------------------------------------- 1 | This installer uses IzPack from www.izforge.com 2 | -------------------------------------------------------------------------------- /installer/izpack.xml: -------------------------------------------------------------------------------- 1 |StoreException
with the specified detail message.
62 | * @param msg the detail message.
63 | */
64 | public StoreException(String msg) {
65 | super(msg);
66 | }
67 |
    /**
     * Constructs an instance of <code>StoreException</code> with the specified
     * detail message and cause.
     * @param msg the detail message.
     * @param cause the underlying cause; handed unchanged to the superclass constructor.
     */
    public StoreException(String msg, Throwable cause) {
        super(msg, cause);
    }
71 |
72 | }
73 |
--------------------------------------------------------------------------------
/src/org/owasp/webscarab/model/UrlEvent.java:
--------------------------------------------------------------------------------
1 | /*
2 | * UrlEvent.java
3 | *
4 | * Created on 13 April 2005, 04:03
5 | */
6 |
7 | package org.owasp.webscarab.model;
8 |
9 | import java.util.EventObject;
10 |
/**
 * Event object pairing an {@link HttpUrl} with an integer position. It is the
 * argument type of the {@link UrlListener} callbacks.
 *
 * <p>NOTE(review): the position is presumably the index of the URL within its
 * parent in a {@code UrlModel} - confirm against the code that fires the event.
 *
 * @author rogan
 */
public class UrlEvent extends EventObject {

    private static final long serialVersionUID = -2563329935372684632L;

    // EventObject is Serializable and field names are part of the default
    // serialized form, so the original field names are kept.
    private HttpUrl _url;
    private int _position;

    /**
     * Creates a new instance of UrlEvent.
     *
     * @param source   the object on which the event occurred; passed to {@link EventObject}
     * @param url      the URL this event refers to
     * @param position the position reported together with the URL
     */
    public UrlEvent(Object source, HttpUrl url, int position) {
        super(source);
        this._position = position;
        this._url = url;
    }

    /**
     * @return the URL supplied at construction
     */
    public HttpUrl getUrl() {
        return this._url;
    }

    /**
     * @return the position supplied at construction
     */
    public int getPosition() {
        return this._position;
    }
}
39 |
--------------------------------------------------------------------------------
/src/org/owasp/webscarab/model/UrlListener.java:
--------------------------------------------------------------------------------
1 | /*
2 | * UrlListener.java
3 | *
4 | * Created on 13 April 2005, 04:01
5 | */
6 |
7 | package org.owasp.webscarab.model;
8 |
9 | import java.util.EventListener;
10 |
/**
 * Callback interface for objects that want to be notified about URLs.
 * Listeners are registered and removed through
 * {@code UrlModel.addUrlListener} and {@code UrlModel.removeUrlListener}.
 *
 * @author rogan
 */
public interface UrlListener extends EventListener {

    /**
     * NOTE(review): presumably called after a URL has been added; the event
     * carries the URL and its position - confirm against the firing model.
     *
     * @param evt the event describing the URL
     */
    void urlAdded(UrlEvent evt);

    /**
     * NOTE(review): presumably called when an existing URL has changed -
     * confirm against the firing model.
     *
     * @param evt the event describing the URL
     */
    void urlChanged(UrlEvent evt);

    /**
     * NOTE(review): presumably called when a URL has been removed - confirm
     * against the firing model.
     *
     * @param evt the event describing the URL
     */
    void urlRemoved(UrlEvent evt);

    /**
     * Takes no event argument. NOTE(review): presumably signals a change that
     * is not tied to one URL, so listeners should re-read the model - confirm.
     */
    void urlsChanged();

}
26 |
--------------------------------------------------------------------------------
/src/org/owasp/webscarab/model/UrlModel.java:
--------------------------------------------------------------------------------
1 | /*
2 | * UrlModel.java
3 | *
4 | * Created on 13 April 2005, 03:58
5 | */
6 |
7 | package org.owasp.webscarab.model;
8 |
9 | import EDU.oswego.cs.dl.util.concurrent.Sync;
10 |
/**
 * Read-only view of a collection of {@link HttpUrl}s arranged as parents and
 * children, with listener registration for change notification.
 *
 * <p>NOTE(review): how the top level is addressed (for example by passing a
 * null parent) is not visible in this interface - confirm with an implementation.
 *
 * @author rogan
 */
public interface UrlModel {

    /**
     * @param parent the URL whose children are counted
     * @return the number of children of {@code parent}
     */
    int getChildCount(HttpUrl parent);

    /**
     * @param parent the URL whose child is wanted
     * @param index  the position of the child under {@code parent}
     * @return the child at that position
     */
    HttpUrl getChildAt(HttpUrl parent, int index);

    /**
     * @param url the URL to look up
     * @return the index of {@code url}; NOTE(review): presumably its position
     *         among the children of its parent - confirm
     */
    int getIndexOf(HttpUrl url);

    /**
     * @return the {@link Sync} acting as this model's read lock;
     *         NOTE(review): presumably callers acquire it around the query
     *         methods above and release it afterwards - confirm
     */
    Sync readLock();

    /**
     * @param listener the listener to register
     */
    void addUrlListener(UrlListener listener);

    /**
     * @param listener the listener to unregister
     */
    void removeUrlListener(UrlListener listener);

}
30 |
--------------------------------------------------------------------------------
/src/org/owasp/webscarab/parser/ContentParser.java:
--------------------------------------------------------------------------------
1 | /***********************************************************************
2 | *
3 | * $CVSHeader$
4 | *
5 | * This file is part of WebScarab, an Open Web Application Security
6 | * Project utility. For details, please see http://www.owasp.org/
7 | *
8 | * Copyright (c) 2002 - 2004 Rogan Dawes
9 | *
10 | * This program is free software; you can redistribute it and/or
11 | * modify it under the terms of the GNU General Public License
12 | * as published by the Free Software Foundation; either version 2
13 | * of the License, or (at your option) any later version.
14 | *
15 | * This program is distributed in the hope that it will be useful,
16 | * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 | * GNU General Public License for more details.
19 | *
20 | * You should have received a copy of the GNU General Public License
21 | * along with this program; if not, write to the Free Software
22 | * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
23 | *
24 | * Getting Source
25 | * ==============
26 | *
27 | * Source for this application is maintained at Sourceforge.net, a
28 | * repository for free software projects.
29 | *
30 | * For details, please see http://www.sourceforge.net/projects/owasp
31 | *
32 | */
33 |
34 | /*
35 | * ContentParser.java
36 | *
37 | * Created on June 24, 2004, 11:42 PM
38 | */
39 |
40 | package org.owasp.webscarab.parser;
41 |
42 | import org.owasp.webscarab.model.Message;
43 | import org.owasp.webscarab.model.HttpUrl;
44 |
/**
 * The methods required by a class that can parse the content of a message
 * @author knoppix
 */
public interface ContentParser {


    /**
     * parses the body of the message, and returns a parsed representation
     * NOTE(review): message bodies presumably originate from remote servers or
     * clients passing through the tool, so implementations should treat them
     * as untrusted input - confirm against the callers.
     * @param url the URL passed along with the message; NOTE(review): presumably
     * the URL the message belongs to - confirm with implementers
     * @param message the Message to parse
     * @return the parsed representation of the message body
     */
    Object parseMessage(HttpUrl url, Message message);

}
60 |
--------------------------------------------------------------------------------
/src/org/owasp/webscarab/plugin/BasicCredential.java:
--------------------------------------------------------------------------------
1 | /*
2 | * BasicCredential.java
3 | *
4 | * Created on 04 January 2006, 09:20
5 | *
6 | * To change this template, choose Tools | Options and locate the template under
7 | * the Source Creation and Management node. Right-click the template and choose
8 | * Open. You can then make changes to the template in the Source Editor.
9 | */
10 |
11 | package org.owasp.webscarab.plugin;
12 |
/**
 * Holder for a host / realm / username / password tuple.
 *
 * <p>The password is kept as a plain {@code String} and is returned unchanged
 * by {@link #getPassword()}. The class does not override {@code toString()},
 * so the inherited implementation does not print any field; callers should
 * likewise keep the value returned by {@link #getPassword()} out of logs and
 * error messages.
 *
 * @author rdawes
 */
public class BasicCredential {

    private final String host;
    private final String realm;
    private final String username;
    private final String password;

    /**
     * Creates a new instance of BasicCredential. No argument is validated;
     * each one is stored exactly as given.
     *
     * @param host     the host the credential applies to
     * @param realm    the realm the credential applies to
     * @param username the user name
     * @param password the password, stored as given
     */
    public BasicCredential(String host, String realm, String username, String password) {
        this.host = host;
        this.realm = realm;
        this.username = username;
        this.password = password;
    }

    /** @return the host supplied at construction */
    public String getHost() {
        return this.host;
    }

    /** @return the realm supplied at construction */
    public String getRealm() {
        return this.realm;
    }

    /** @return the user name supplied at construction */
    public String getUsername() {
        return this.username;
    }

    /** @return the password supplied at construction, unmodified */
    public String getPassword() {
        return this.password;
    }

}
51 |
--------------------------------------------------------------------------------
/src/org/owasp/webscarab/plugin/CredentialManagerUI.java:
--------------------------------------------------------------------------------
1 | /*
2 | * CredentialManagerUI.java
3 | *
4 | * Created on 04 January 2006, 09:09
5 | *
6 | * To change this template, choose Tools | Options and locate the template under
7 | * the Source Creation and Management node. Right-click the template and choose
8 | * Open. You can then make changes to the template in the Source Editor.
9 | */
10 |
11 | package org.owasp.webscarab.plugin;
12 |
/**
 * User-interface callback through which credentials for a host are requested.
 *
 * @author rdawes
 */
public interface CredentialManagerUI {

    /**
     * Asks the user interface for credentials for the given host. The method
     * returns nothing, so whatever the user supplies reaches the caller by a
     * path that is not visible in this interface.
     *
     * @param host       the host the credentials are wanted for
     * @param challenges NOTE(review): presumably the authentication challenges
     *                   received from that host - confirm against the caller;
     *                   if so, they are server-supplied text and should be
     *                   shown to the user as data only
     */
    void requestCredentials(String host, String[] challenges);

}
22 |
--------------------------------------------------------------------------------
/src/org/owasp/webscarab/plugin/DomainCredential.java:
--------------------------------------------------------------------------------
1 | /*
2 | * DomainCredential.java
3 | *
4 | * Created on 04 January 2006, 09:23
5 | *
6 | * To change this template, choose Tools | Options and locate the template under
7 | * the Source Creation and Management node. Right-click the template and choose
8 | * Open. You can then make changes to the template in the Source Editor.
9 | */
10 |
11 | package org.owasp.webscarab.plugin;
12 |
/**
 * Holder for a host / domain / username / password tuple.
 *
 * <p>The password is kept as a plain {@code String} and is returned unchanged
 * by {@link #getPassword()}. The class does not override {@code toString()},
 * so the inherited implementation does not print any field; callers should
 * likewise keep the value returned by {@link #getPassword()} out of logs and
 * error messages.
 *
 * @author rdawes
 */
public class DomainCredential {

    private final String host;
    private final String domain;
    private final String username;
    private final String password;

    /**
     * Creates a new instance of DomainCredential. No argument is validated;
     * each one is stored exactly as given.
     *
     * @param host     the host the credential applies to
     * @param domain   the domain the account belongs to
     * @param username the user name
     * @param password the password, stored as given
     */
    public DomainCredential(String host, String domain, String username, String password) {
        this.host = host;
        this.domain = domain;
        this.username = username;
        this.password = password;
    }

    /** @return the host supplied at construction */
    public String getHost() {
        return this.host;
    }

    /** @return the domain supplied at construction */
    public String getDomain() {
        return this.domain;
    }

    /** @return the user name supplied at construction */
    public String getUsername() {
        return this.username;
    }

    /** @return the password supplied at construction, unmodified */
    public String getPassword() {
        return this.password;
    }

}
49 |
--------------------------------------------------------------------------------
/src/org/owasp/webscarab/plugin/FrameworkUI.java:
--------------------------------------------------------------------------------
1 | /***********************************************************************
2 | *
3 | * $CVSHeader$
4 | *
5 | * This file is part of WebScarab, an Open Web Application Security
6 | * Project utility. For details, please see http://www.owasp.org/
7 | *
8 | * Copyright (c) 2002 - 2004 Rogan Dawes
9 | *
10 | * This program is free software; you can redistribute it and/or
11 | * modify it under the terms of the GNU General Public License
12 | * as published by the Free Software Foundation; either version 2
13 | * of the License, or (at your option) any later version.
14 | *
15 | * This program is distributed in the hope that it will be useful,
16 | * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 | * GNU General Public License for more details.
19 | *
20 | * You should have received a copy of the GNU General Public License
21 | * along with this program; if not, write to the Free Software
22 | * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
23 | *
24 | * Getting Source
25 | * ==============
26 | *
27 | * Source for this application is maintained at Sourceforge.net, a
28 | * repository for free software projects.
29 | *
30 | * For details, please see http://www.sourceforge.net/projects/owasp
31 | *
32 | */
33 |
34 | /*
35 | * FrameworkUI.java
36 | *
37 | * Created on September 7, 2004, 6:00 PM
38 | */
39 |
40 | package org.owasp.webscarab.plugin;
41 |
/**
 * Specifies the interface between the framework and its user interface.
 * The interface currently declares no methods.
 * @author knoppix
 */
public interface FrameworkUI {


}
50 |
--------------------------------------------------------------------------------
/src/org/owasp/webscarab/plugin/Hook.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Hook.java
3 | *
4 | * Created on 07 January 2005, 05:19
5 | */
6 |
7 | package org.owasp.webscarab.plugin;
8 |
9 | import java.util.List;
10 | import java.util.ArrayList;
11 | import java.util.logging.Logger;
12 |
13 | import org.apache.bsf.BSFManager;
14 | import org.apache.bsf.BSFException;
15 |
16 | /**
17 | *
18 | * @author rogan
19 | */
20 | public class Hook {
21 |
22 | private String _name;
23 | private String _description;
24 | private List
9 | &{[code]};
10 |