├── .gitignore
├── 1st.html
├── ChangeLog
├── INSTALL
├── LICENSE
├── LICENSE.md
├── README
├── WebScarab.jnlp
├── build.xml
├── doc
├── WebScarab-Howto.txt
├── architecture.html
├── cert.sh
├── certificates.html
└── userguide
│ ├── proxies.png
│ ├── swing.xml
│ ├── tools.html
│ └── using.html
├── frozenlibs
├── chardet-1.0.jar
├── chardet:chardet:jar:1.0
├── htmlparser-1.5.jar
└── htmlparser:htmlparser:jar:1.5
├── installer
├── README
├── izpack.xml
├── shortcutSpec.xml
└── useNativeLAF
├── izpack
├── install.xml
└── shortcutSpec.xml
├── lib
├── W32WinInet.dll
├── bcpkix-jdk15on-148.jar
├── bcprov-jdk15on-148.jar
├── bsf-2.3.0.jar
├── bsh-2.0b1.jar
├── chardet.jar
├── commons-logging-1.0.4.jar
├── concurrent.jar
├── flex-messaging-common.jar
├── flex-messaging-core.jar
├── flex-messaging-remoting.jar
├── help.jnlp
├── htmlparser.jar
├── jcifs-1.3.14.jar
├── jcommon-1.0.16.jar
├── jfreechart-1.0.13.jar
├── jhall-2.0_02.jar
├── joda-time-2.1.jar
├── openamf.jar
├── openid4java-0.9.7.jar
├── p11-capi.dll
├── tagsoup-1.0rc2.jar
├── xalan-2.7.1.jar
└── xmlsec-1.4.3.jar
├── pom.xml
├── scripts
├── forcebrowse.bsh
├── google-get.bsh
├── hacmebank-login-sequential.bsh
├── hacmebank-login.bsh
├── hacmebank-post-message.bsh
├── multipartify.bsh
├── no-images.bsh
└── webgoat-session-brute.bsh
├── server.p12
├── src
├── javax
│ └── net
│ │ └── ssl
│ │ └── X509ExtendedTrustManager.java
├── no
│ └── geosoft
│ │ └── cc
│ │ └── ui
│ │ └── SplashScreen.java
└── org
│ └── owasp
│ └── webscarab
│ ├── LICENSE.java
│ ├── Main.java
│ ├── WebScarab.java
│ ├── httpclient
│ ├── AbstractCertificateRepository.java
│ ├── AliasKeyManager.java
│ ├── Authenticator.java
│ ├── CertificateRepository.java
│ ├── ChunkedInputStream.java
│ ├── ChunkedOutputStream.java
│ ├── ClientTrustManager.java
│ ├── ConversationHandler.java
│ ├── FetcherQueue.java
│ ├── FixedLengthInputStream.java
│ ├── HTTPClient.java
│ ├── HTTPClientFactory.java
│ ├── SSLContextManager.java
│ └── URLFetcher.java
│ ├── model
│ ├── AbstractConversationModel.java
│ ├── AbstractUrlModel.java
│ ├── ConversationEvent.java
│ ├── ConversationID.java
│ ├── ConversationListener.java
│ ├── ConversationModel.java
│ ├── Cookie.java
│ ├── FileSystemStore.java
│ ├── FilteredConversationModel.java
│ ├── FilteredUrlModel.java
│ ├── FrameworkEvent.java
│ ├── FrameworkListener.java
│ ├── FrameworkModel.java
│ ├── HttpUrl.java
│ ├── Message.java
│ ├── MultiPartContent.java
│ ├── NamedValue.java
│ ├── Preferences.java
│ ├── Request.java
│ ├── Response.java
│ ├── SiteModelStore.java
│ ├── StoreException.java
│ ├── UrlEvent.java
│ ├── UrlListener.java
│ └── UrlModel.java
│ ├── parser
│ ├── ContentParser.java
│ ├── HTMLParser.java
│ └── Parser.java
│ ├── plugin
│ ├── AbstractPluginModel.java
│ ├── BasicCredential.java
│ ├── CredentialManager.java
│ ├── CredentialManagerUI.java
│ ├── DomainCredential.java
│ ├── Framework.java
│ ├── FrameworkModelWrapper.java
│ ├── FrameworkUI.java
│ ├── Hook.java
│ ├── Plugin.java
│ ├── PluginUI.java
│ ├── SSLKeyManager.java
│ ├── Script.java
│ ├── ScriptListener.java
│ ├── ScriptManager.java
│ ├── ScriptableConversation.java
│ ├── compare
│ │ ├── Compare.java
│ │ ├── CompareModel.java
│ │ └── swing
│ │ │ ├── ComparePanel.form
│ │ │ └── ComparePanel.java
│ ├── extensions
│ │ ├── Extensions.java
│ │ ├── ExtensionsModel.java
│ │ └── swing
│ │ │ ├── ExtensionsPanel.form
│ │ │ └── ExtensionsPanel.java
│ ├── fragments
│ │ ├── FileSystemStore.java
│ │ ├── FragmentListener.java
│ │ ├── Fragments.java
│ │ ├── FragmentsModel.java
│ │ ├── FragmentsStore.java
│ │ └── swing
│ │ │ ├── FragmentsFrame.form
│ │ │ ├── FragmentsFrame.java
│ │ │ ├── FragmentsPanel.form
│ │ │ └── FragmentsPanel.java
│ ├── fuzz
│ │ ├── FuzzFactory.java
│ │ ├── FuzzSource.java
│ │ ├── Fuzzer.java
│ │ ├── FuzzerEvent.java
│ │ ├── FuzzerListener.java
│ │ ├── FuzzerModel.java
│ │ ├── Parameter.java
│ │ ├── RegexSource.java
│ │ ├── Signature.java
│ │ ├── sql.txt
│ │ ├── swing
│ │ │ ├── FuzzerPanel.form
│ │ │ └── FuzzerPanel.java
│ │ └── xss.txt
│ ├── identity
│ │ ├── CookieTokenParser.java
│ │ ├── FileSystemStore.java
│ │ ├── Identity.java
│ │ ├── IdentityModel.java
│ │ ├── IdentityStore.java
│ │ ├── ScriptableIdentity.java
│ │ ├── TokenParser.java
│ │ ├── Transition.java
│ │ └── swing
│ │ │ ├── IdentityPanel.java
│ │ │ └── SelectTokenDialog.java
│ ├── manualrequest
│ │ ├── ManualRequest.java
│ │ ├── ManualRequestModel.java
│ │ ├── ManualRequestUI.java
│ │ └── swing
│ │ │ ├── ManualRequestPanel.form
│ │ │ └── ManualRequestPanel.java
│ ├── openid
│ │ ├── AXFetchRequestAttribute.java
│ │ ├── AXFetchResponseAttribute.java
│ │ ├── OpenId.java
│ │ ├── OpenIdHTTPClient.java
│ │ ├── OpenIdModel.java
│ │ ├── OpenIdProxy.java
│ │ ├── OpenIdProxyConfig.java
│ │ ├── PAPEResponse.java
│ │ └── swing
│ │ │ ├── AXFetchRequestTableModel.java
│ │ │ ├── AXFetchResponseTableModel.java
│ │ │ ├── AssociationOPUrlAction.java
│ │ │ ├── AssociationSessionComboBoxModel.java
│ │ │ ├── AssociationTableModel.java
│ │ │ ├── OpenIdPanel.form
│ │ │ ├── OpenIdPanel.java
│ │ │ └── ParametersTableModel.java
│ ├── proxy
│ │ ├── BeanShell.java
│ │ ├── BeanShellUI.java
│ │ ├── BrowserCache.java
│ │ ├── ConnectionHandler.java
│ │ ├── CookieTracker.java
│ │ ├── Listener.java
│ │ ├── ListenerSpec.java
│ │ ├── ManualEdit.java
│ │ ├── ManualEditUI.java
│ │ ├── Proxy.java
│ │ ├── ProxyPlugin.java
│ │ ├── ProxyUI.java
│ │ ├── RevealHidden.java
│ │ ├── SSLSocketFactoryFactory.java
│ │ ├── ScriptableConnection.java
│ │ └── swing
│ │ │ ├── BeanShellPanel.form
│ │ │ ├── BeanShellPanel.java
│ │ │ ├── ListenerTableModel.java
│ │ │ ├── ManualEditFrame.form
│ │ │ ├── ManualEditFrame.java
│ │ │ ├── ManualEditPanel.form
│ │ │ ├── ManualEditPanel.java
│ │ │ ├── MiscPanel.form
│ │ │ ├── MiscPanel.java
│ │ │ ├── ProxyPanel.form
│ │ │ ├── ProxyPanel.java
│ │ │ └── ProxyPluginUI.java
│ ├── saml
│ │ ├── Occurences.java
│ │ ├── Saml.java
│ │ ├── SamlCertificateRepository.java
│ │ ├── SamlHTTPClient.java
│ │ ├── SamlModel.java
│ │ ├── SamlProxy.java
│ │ ├── SamlProxyConfig.java
│ │ ├── SamlProxyListener.java
│ │ ├── SamlSignatureException.java
│ │ ├── SignatureType.java
│ │ ├── VerifyReference.java
│ │ ├── Wrapper.java
│ │ └── swing
│ │ │ ├── AttributesTableModel.java
│ │ │ ├── CertPathTreeModel.java
│ │ │ ├── OpenBrowserAction.java
│ │ │ ├── SamlExportConversationAction.java
│ │ │ ├── SamlPanel.form
│ │ │ ├── SamlPanel.java
│ │ │ └── SamlReplayConversationAction.java
│ ├── scripted
│ │ ├── Scripted.java
│ │ ├── ScriptedObjectModel.java
│ │ ├── ScriptedUI.java
│ │ ├── script.bsh
│ │ └── swing
│ │ │ ├── ScriptedPanel.form
│ │ │ └── ScriptedPanel.java
│ ├── search
│ │ ├── Search.java
│ │ ├── SearchModel.java
│ │ └── swing
│ │ │ ├── SearchPanel.form
│ │ │ └── SearchPanel.java
│ ├── sessionid
│ │ ├── Calculator.java
│ │ ├── DefaultCalculator.java
│ │ ├── FileSystemStore.java
│ │ ├── SessionID.java
│ │ ├── SessionIDAnalysis.java
│ │ ├── SessionIDAnalysisUI.java
│ │ ├── SessionIDListener.java
│ │ ├── SessionIDModel.java
│ │ ├── SessionIDStore.java
│ │ └── swing
│ │ │ ├── BigRenderer.java
│ │ │ ├── SessionIDPanel.form
│ │ │ └── SessionIDPanel.java
│ ├── spider
│ │ ├── Link.java
│ │ ├── Spider.java
│ │ ├── SpiderModel.java
│ │ ├── SpiderUI.java
│ │ └── swing
│ │ │ ├── SpiderPanel.form
│ │ │ └── SpiderPanel.java
│ ├── wsfed
│ │ ├── WSFederation.java
│ │ ├── WSFederationModel.java
│ │ └── swing
│ │ │ ├── ParametersTableModel.java
│ │ │ ├── WSFederationPanel.form
│ │ │ └── WSFederationPanel.java
│ └── xsscrlf
│ │ ├── XSSCRLF.java
│ │ ├── XSSCRLFModel.java
│ │ └── swing
│ │ ├── XSSCRLFPanel.form
│ │ └── XSSCRLFPanel.java
│ ├── ui
│ └── swing
│ │ ├── CertificateManager.form
│ │ ├── CertificateManager.java
│ │ ├── ColumnWidthTracker.java
│ │ ├── ContentPanel.form
│ │ ├── ContentPanel.java
│ │ ├── ConversationListModel.java
│ │ ├── ConversationPanel.form
│ │ ├── ConversationPanel.java
│ │ ├── ConversationRenderer.java
│ │ ├── ConversationTableModel.java
│ │ ├── CookieJarViewer.form
│ │ ├── CookieJarViewer.java
│ │ ├── CredentialManagerFrame.form
│ │ ├── CredentialManagerFrame.java
│ │ ├── CredentialRequestDialog.form
│ │ ├── CredentialRequestDialog.java
│ │ ├── DateRenderer.java
│ │ ├── EnabledBooleanTableCellRenderer.java
│ │ ├── HeaderPanel.form
│ │ ├── HeaderPanel.java
│ │ ├── Lite.form
│ │ ├── Lite.java
│ │ ├── MessagePanel.form
│ │ ├── MessagePanel.java
│ │ ├── ProxyConfig.form
│ │ ├── ProxyConfig.java
│ │ ├── RequestPanel.form
│ │ ├── RequestPanel.java
│ │ ├── ResponsePanel.form
│ │ ├── ResponsePanel.java
│ │ ├── ScriptManagerFrame.form
│ │ ├── ScriptManagerFrame.java
│ │ ├── ShowConversationAction.java
│ │ ├── SummaryPanel.form
│ │ ├── SummaryPanel.java
│ │ ├── SwingPluginUI.java
│ │ ├── TagConversationAction.java
│ │ ├── TranscoderFrame.form
│ │ ├── TranscoderFrame.java
│ │ ├── UIFramework.form
│ │ ├── UIFramework.java
│ │ ├── UrlFilteredConversationModel.java
│ │ ├── UrlTreeModelAdapter.java
│ │ ├── UrlTreeRenderer.java
│ │ ├── UrlTreeTableModelAdapter.java
│ │ ├── WebScarabUI.java
│ │ └── editors
│ │ ├── AMFPanel.java
│ │ ├── ByteArrayEditor.java
│ │ ├── EditorFactory.java
│ │ ├── HTMLPanel.form
│ │ ├── HTMLPanel.java
│ │ ├── HexPanel.form
│ │ ├── HexPanel.java
│ │ ├── ImagePanel.form
│ │ ├── ImagePanel.java
│ │ ├── MultiPartPanel.form
│ │ ├── MultiPartPanel.java
│ │ ├── MyHTMLEditorKit.java
│ │ ├── ObjectPanel.form
│ │ ├── ObjectPanel.java
│ │ ├── RegexSearcher.java
│ │ ├── SearchDialog.form
│ │ ├── SearchDialog.java
│ │ ├── SerializedObjectPanel.java
│ │ ├── TextPanel.form
│ │ ├── TextPanel.java
│ │ ├── UrlEncodedPanel.form
│ │ ├── UrlEncodedPanel.java
│ │ ├── XMLPanel.form
│ │ └── XMLPanel.java
│ ├── util
│ ├── CharsetUtils.java
│ ├── DOMHandler.java
│ ├── Diff.java
│ ├── Encoding.java
│ ├── Glob.java
│ ├── HtmlEncoder.java
│ ├── LevenshteinDistance.java
│ ├── LogInputStream.java
│ ├── LogOutputStream.java
│ ├── MRUCache.java
│ ├── NullComparator.java
│ ├── RFC2822.java
│ ├── ReentrantReaderPreferenceReadWriteLock.java
│ ├── RegexExpansion.java
│ ├── RequestConverter.java
│ ├── SunCertificateUtils.java
│ ├── TempDir.java
│ ├── TextFormatter.java
│ ├── W32WinInet.c
│ ├── W32WinInet.java
│ └── swing
│ │ ├── AbstractTreeModel.java
│ │ ├── ColumnDataEvent.java
│ │ ├── ColumnDataListener.java
│ │ ├── ColumnDataModel.java
│ │ ├── DOMTreeModel.java
│ │ ├── DiffPanel.java
│ │ ├── DocumentHandler.java
│ │ ├── DocumentOutputStream.java
│ │ ├── ExceptionHandler.form
│ │ ├── ExceptionHandler.java
│ │ ├── ExtensibleTableModel.java
│ │ ├── GloballyContextSensitiveAction.java
│ │ ├── HeapMonitor.java
│ │ ├── JTreeTable.java
│ │ ├── ListComboBoxModel.java
│ │ ├── MultiLineCellRenderer.java
│ │ ├── MultiLineTreeCellRenderer.java
│ │ ├── NoWrapEditorKit.java
│ │ ├── ProgrammaticConversationColumnDataModel.java
│ │ ├── SwingWorker.java
│ │ ├── TableSorter.java
│ │ ├── TextComponentContextMenu.java
│ │ ├── TreeUtil.java
│ │ └── treetable
│ │ ├── AbstractCellEditor.java
│ │ ├── AbstractTreeTableModel.java
│ │ ├── DefaultTreeTableModel.java
│ │ ├── TreeTableModel.java
│ │ ├── TreeTableModelAdapter.java
│ │ └── TreeTableModelEvent.java
│ └── webscarab_logo.gif
├── test
├── java
│ └── test
│ │ └── unit
│ │ └── org
│ │ └── owasp
│ │ └── webscarab
│ │ ├── plugin
│ │ └── saml
│ │ │ └── SamlTest.java
│ │ └── util
│ │ └── SunCertificateUtilsTest.java
└── resources
│ ├── log4j.xml
│ └── test-saml-response-encrypted-attribute.xml
└── webscarab_logo.gif
/.gitignore:
--------------------------------------------------------------------------------
1 | .classpath
2 | .externalToolBuilders/
3 | .keystore
4 | .project
5 | maven-eclipse.xml
6 | nbactions.xml
7 | target/
8 | build/
9 | dist/
10 | doc/
11 | webscarab*.jar
12 | *~
13 |
--------------------------------------------------------------------------------
/ChangeLog:
--------------------------------------------------------------------------------
1 | Please see http://dawes.za.net/gitweb.cgi?p=rogan/webscarab/webscarab.git;a=summary
2 | for an up to date list of changes to WebScarab
3 |
--------------------------------------------------------------------------------
/INSTALL:
--------------------------------------------------------------------------------
1 | /*
2 | * $Source: /cvsroot/owasp/webscarab/INSTALL,v $
3 | * Copyright (c) 2002 owasp.org.
4 | * This file is part of WebScarab.
5 | * WebScarab is free software; you can redistribute it and/or modify
6 | * it under the terms of the GNU General Public License as published by
7 | * the Free Software Foundation; either version 2 of the License, or
8 | * (at your option) any later version.
9 | *
10 | * WebScarab is distributed in the hope that it will be useful,
11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 | * GNU General Public License for more details.
14 | *
15 | * The valid license text for this file can be retrieved with
16 | * the call: java -cp owasp.jar org.owasp.webscarab.LICENSE
17 | *
18 | * If you are not able to view the LICENSE that way, which should
19 | * always be possible within a valid and working WebScarab release,
20 | * please write to the Free Software Foundation, Inc.,
21 | * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
22 | */
23 |
24 | This is the WebScarab OpenSource project, hosted at
25 | http://www.owasp.org/webscarab.
26 | All source code and development stuff is done under
27 | http://sourceforge.net/projects/owasp
28 |
29 | Prior to building WebScarab, you should download the various
30 | libraries that it depends on. You can see the list in the ant build.xml
31 | file, in this directory. If you got this file by checking out the source
32 | from the WebScarab CVS repository, you should have the required libraries
33 | already.
34 |
35 | WebScarab uses the Apache Ant build tool. In order to build WebScarab, you
36 | should use a reasonably recent version of Ant.
37 |
38 | There are two Ant build tasks that depend on external tools, IzPack and
39 | ProGuard. You are only likely to need these tools if you plan to build
40 | redistributable images of WebScarab. i.e. an installer, or the self-contained
41 | jar. There should be no problem running the common build tasks if you do not
42 | have these external tools.
43 |
44 | // end of $Source: /cvsroot/owasp/webscarab/INSTALL,v $
45 |
--------------------------------------------------------------------------------
/README:
--------------------------------------------------------------------------------
1 | This is the WebScarab OpenSource project, hosted at
2 | http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project
3 |
4 | It aims to become a tool that may be used automatically or interactively
5 | to test web applications for their security.
6 | WebScarab is written in 100% pure java and designed using a fairly clean
7 | set of interfaces to allow for removal and substitution of existing
8 | components, or addition of new analysis systems.
9 |
10 | For more details, please see the URL above.
11 |
--------------------------------------------------------------------------------
/doc/certificates.html:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | WebScarab certificates
6 |
7 |
8 |
Creating your own certificates
9 |
WebScarab reads certificates stored in the PKCS12 format, which can be created
10 | or converted to by tools such as OpenSSL. PKCS12 is also one of the formats that
11 | Internet Explorer and Mozilla/Navigator, etc can import and export.
12 |
Since the PKCS12 format requires a password, WebScarab uses a password of
13 | "password" (without the quotes). This password is hard-coded into the source of WebScarab.
14 |
Note that this is not an important password, so there is no point in changing it!
15 |
If you decide you want to create your own certificates, for whatever reason,
16 | here are some instructions for doing so using OpenSSL:
17 |
First create the private key:
18 |
19 | openssl genrsa 1024 > server.key
20 |
21 |
Then create the corresponding self-signed certificate:
Place the resulting "server.p12" file in the root of the webscarab
30 | installation directory, in place of the existing server.p12 file
31 |
Initial support for client certificates exists now, so you should be
32 | able to do similar operations for the client certificate and keys,
33 | calling the file "client.p12"
34 |
35 | NOTE that WebScarab looks for the certificate and key files IN the
36 | webscarab.jar, so you will have to rebuild the jar file with your
37 | updated certificate files, otherwise they will not be used!
7 | The Tools menu contains the following options:
8 |
Proxies
9 |
This menu allows you to specify any upstream proxies that may be
10 | required to access the target websites. You can specify different
11 | proxies for HTTP and HTTPS. The proxy exclusion list DOES NOT WORK YET,
12 | due to the developers not needing this functionality. If you need it,
13 | please have a go at implementing it yourself, and send patches to the
14 | developers.
15 |
Shared Cookies
16 |
This displays a "Shared Cookie jar". This cookie jar is shared
17 | between
18 | the Proxy, Spider and Manual Request plugins. The various cookies are
19 | available in a drop-down list, and the main table shows what values
20 | that cookie has had in the past.
21 |
The Proxy plugin can be configured to record all cookies that it
22 | sees
23 | from the servers, and insert those cookies into requests that "should"
24 | have them. This may be useful if you are using multiple browsers, and
25 | want to share a session between them. Be careful, since flushing
26 | cookies from the browser may not have the effect that you expect, since
27 | WebScarab will insert the most recent cookie it knows about into the
28 | requests that it sees. (This can be disabled.)
29 |
The Spider plugin can also use these cookies when automatically
30 | traversing a site.
31 |
The Manual Request plugin has buttons allowing the user to
32 | automatically insert the appropriate cookies into the request, as well
33 | as extracting cookies from any responses.
34 |
Transcoder
35 |
The Transcoder is a utility window that allows the user to perform
36 | certain manipulations of text. Examples include URL-encoding and
37 | decoding, Base64-encoding and decoding, and MD5 and SHA1 hashes. Data
38 | can be copied to and from the clipboard, and there is also undo/redo
39 | functionality available on the Edit menu.
40 |
Save Configuration
41 |
WebScarab can store certain configuration options in a properties
42 | file.
43 | This is called WebScarab.properties, and is located in your home
44 | directory (~/ on Unix, and usually Documents and Setting\username\ on
45 | Win32). Examples of data that is saved include upstream Proxy settings,
46 | and settings for various plugins. This properties file is read on
47 | startup if it exists, but is only saved when this option is explicitly
48 | selected.
49 |
50 |
51 |
--------------------------------------------------------------------------------
/frozenlibs/chardet-1.0.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/OWASP-WebScarab/d22bd604b981ae2de73cd5d39305ac25c9367d1b/frozenlibs/chardet-1.0.jar
--------------------------------------------------------------------------------
/frozenlibs/chardet:chardet:jar:1.0:
--------------------------------------------------------------------------------
1 | chardet-1.0.jar
--------------------------------------------------------------------------------
/frozenlibs/htmlparser-1.5.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/OWASP-WebScarab/d22bd604b981ae2de73cd5d39305ac25c9367d1b/frozenlibs/htmlparser-1.5.jar
--------------------------------------------------------------------------------
/frozenlibs/htmlparser:htmlparser:jar:1.5:
--------------------------------------------------------------------------------
1 | htmlparser-1.5.jar
--------------------------------------------------------------------------------
/installer/README:
--------------------------------------------------------------------------------
1 | This installer uses IzPack from www.izforge.com
2 |
--------------------------------------------------------------------------------
/installer/izpack.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 | WebScarab
4 | !
5 |
6 |
7 |
8 | http://owasp.org/development/webscarab
9 |
10 |
11 |
12 |
13 |
14 |
15 |
16 |
17 |
18 |
19 |
20 |
21 |
22 |
23 |
24 |
25 |
26 |
27 |
28 |
29 |
30 |
31 |
32 |
33 |
34 | The base files
35 |
36 |
37 |
38 |
39 |
40 |
41 |
42 |
43 |
44 |
45 |
46 |
47 | The documentation
48 |
49 |
50 |
51 |
52 |
53 | The sources
54 |
55 |
56 |
57 |
58 |
59 |
60 |
61 |
62 |
63 |
64 |
--------------------------------------------------------------------------------
/installer/shortcutSpec.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
21 |
22 |
23 |
24 |
36 |
37 |
38 |
39 |
40 |
--------------------------------------------------------------------------------
/installer/useNativeLAF:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/OWASP-WebScarab/d22bd604b981ae2de73cd5d39305ac25c9367d1b/installer/useNativeLAF
--------------------------------------------------------------------------------
/izpack/install.xml:
--------------------------------------------------------------------------------
1 |
2 |
6 |
7 | WebScarab
8 | ${project.version}
9 | 1.6
10 |
11 |
12 |
13 |
14 |
15 |
16 |
17 |
18 |
19 |
20 |
21 |
22 |
23 |
24 |
25 |
26 |
27 | The WebScarab application
28 |
29 |
30 |
31 |
32 |
33 |
34 |
35 |
36 |
37 |
38 |
39 |
40 |
41 |
42 |
43 |
--------------------------------------------------------------------------------
/izpack/shortcutSpec.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
18 |
19 |
20 |
32 |
33 |
--------------------------------------------------------------------------------
/lib/W32WinInet.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/OWASP-WebScarab/d22bd604b981ae2de73cd5d39305ac25c9367d1b/lib/W32WinInet.dll
--------------------------------------------------------------------------------
/lib/bcpkix-jdk15on-148.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/OWASP-WebScarab/d22bd604b981ae2de73cd5d39305ac25c9367d1b/lib/bcpkix-jdk15on-148.jar
--------------------------------------------------------------------------------
/lib/bcprov-jdk15on-148.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/OWASP-WebScarab/d22bd604b981ae2de73cd5d39305ac25c9367d1b/lib/bcprov-jdk15on-148.jar
--------------------------------------------------------------------------------
/lib/bsf-2.3.0.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/OWASP-WebScarab/d22bd604b981ae2de73cd5d39305ac25c9367d1b/lib/bsf-2.3.0.jar
--------------------------------------------------------------------------------
/lib/bsh-2.0b1.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/OWASP-WebScarab/d22bd604b981ae2de73cd5d39305ac25c9367d1b/lib/bsh-2.0b1.jar
--------------------------------------------------------------------------------
/lib/chardet.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/OWASP-WebScarab/d22bd604b981ae2de73cd5d39305ac25c9367d1b/lib/chardet.jar
--------------------------------------------------------------------------------
/lib/commons-logging-1.0.4.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/OWASP-WebScarab/d22bd604b981ae2de73cd5d39305ac25c9367d1b/lib/commons-logging-1.0.4.jar
--------------------------------------------------------------------------------
/lib/concurrent.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/OWASP-WebScarab/d22bd604b981ae2de73cd5d39305ac25c9367d1b/lib/concurrent.jar
--------------------------------------------------------------------------------
/lib/flex-messaging-common.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/OWASP-WebScarab/d22bd604b981ae2de73cd5d39305ac25c9367d1b/lib/flex-messaging-common.jar
--------------------------------------------------------------------------------
/lib/flex-messaging-core.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/OWASP-WebScarab/d22bd604b981ae2de73cd5d39305ac25c9367d1b/lib/flex-messaging-core.jar
--------------------------------------------------------------------------------
/lib/flex-messaging-remoting.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/OWASP-WebScarab/d22bd604b981ae2de73cd5d39305ac25c9367d1b/lib/flex-messaging-remoting.jar
--------------------------------------------------------------------------------
/lib/help.jnlp:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | JavaHelp
5 | Sun Microsystems, Inc.
6 |
7 |
8 |
9 |
10 |
11 |
12 |
--------------------------------------------------------------------------------
/lib/htmlparser.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/OWASP-WebScarab/d22bd604b981ae2de73cd5d39305ac25c9367d1b/lib/htmlparser.jar
--------------------------------------------------------------------------------
/lib/jcifs-1.3.14.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/OWASP-WebScarab/d22bd604b981ae2de73cd5d39305ac25c9367d1b/lib/jcifs-1.3.14.jar
--------------------------------------------------------------------------------
/lib/jcommon-1.0.16.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/OWASP-WebScarab/d22bd604b981ae2de73cd5d39305ac25c9367d1b/lib/jcommon-1.0.16.jar
--------------------------------------------------------------------------------
/lib/jfreechart-1.0.13.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/OWASP-WebScarab/d22bd604b981ae2de73cd5d39305ac25c9367d1b/lib/jfreechart-1.0.13.jar
--------------------------------------------------------------------------------
/lib/jhall-2.0_02.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/OWASP-WebScarab/d22bd604b981ae2de73cd5d39305ac25c9367d1b/lib/jhall-2.0_02.jar
--------------------------------------------------------------------------------
/lib/joda-time-2.1.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/OWASP-WebScarab/d22bd604b981ae2de73cd5d39305ac25c9367d1b/lib/joda-time-2.1.jar
--------------------------------------------------------------------------------
/lib/openamf.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/OWASP-WebScarab/d22bd604b981ae2de73cd5d39305ac25c9367d1b/lib/openamf.jar
--------------------------------------------------------------------------------
/lib/openid4java-0.9.7.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/OWASP-WebScarab/d22bd604b981ae2de73cd5d39305ac25c9367d1b/lib/openid4java-0.9.7.jar
--------------------------------------------------------------------------------
/lib/p11-capi.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/OWASP-WebScarab/d22bd604b981ae2de73cd5d39305ac25c9367d1b/lib/p11-capi.dll
--------------------------------------------------------------------------------
/lib/tagsoup-1.0rc2.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/OWASP-WebScarab/d22bd604b981ae2de73cd5d39305ac25c9367d1b/lib/tagsoup-1.0rc2.jar
--------------------------------------------------------------------------------
/lib/xalan-2.7.1.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/OWASP-WebScarab/d22bd604b981ae2de73cd5d39305ac25c9367d1b/lib/xalan-2.7.1.jar
--------------------------------------------------------------------------------
/lib/xmlsec-1.4.3.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/OWASP-WebScarab/d22bd604b981ae2de73cd5d39305ac25c9367d1b/lib/xmlsec-1.4.3.jar
--------------------------------------------------------------------------------
/scripts/forcebrowse.bsh:
--------------------------------------------------------------------------------
1 | import org.owasp.webscarab.model.ConversationID;
2 | import org.owasp.webscarab.model.HttpUrl;
3 | import org.owasp.webscarab.model.Request;
4 | import org.owasp.webscarab.model.Response;
5 | import java.io.BufferedReader;
6 | import java.io.FileReader;
7 | import javax.swing.JOptionPane;
8 |
9 | // We ask for a template that already has the appropriate method, version,
10 | // headers, etc defined
11 | // All we'll do is replace the URL, and send it off
12 | String templ = JOptionPane.showInputDialog("Which request shall I use for the template?");
13 | String urlfile = JOptionPane.showInputDialog("Where is the list of URLs to try?");
14 |
15 | Request template = scripted.getRequest(Integer.parseInt(templ));
16 |
17 | BufferedReader urls = new BufferedReader(new FileReader(urlfile));
18 |
19 | // This will hold the name of the next file to try
20 | // getNextRequest() will update this when we construct the request
21 | String url = urls.readLine();
22 |
23 | // modify this routine to determine when we are finished
24 | // NB: This can be called multiple times between requests, so it
25 | // should not have any side effects
26 | boolean hasMoreRequests() {
27 | return url != null;
28 | }
29 |
30 | // modify this routine to construct the next request, and update the
31 | // position in the list
32 | Request getNextRequest() {
33 | // create a copy of the template
34 | Request request = new Request(template);
35 | request.setURL(new HttpUrl(url));
36 | out.println("Trying " + url);
37 | url = urls.readLine(); // get the next one to try
38 | return request;
39 | }
40 |
41 | void gotResponse(Response response) {
42 | scripted.addConversation(response);
43 | }
44 |
45 | // call this to fetch them in parallel
46 | // the number of simultaneous connections is controlled by the Scripted plugin
47 | // It is currently hardcoded in the source at 4 simultaneous requests
48 |
49 | void fetchParallel() {
50 | while (scripted.isAsyncBusy() || hasMoreRequests()) {
51 | while (scripted.hasAsyncCapacity() && hasMoreRequests()) {
52 | scripted.submitAsyncRequest(getNextRequest());
53 | }
54 | Thread.sleep(100);
55 | while (scripted.hasAsyncResponse()) {
56 | gotResponse(scripted.getAsyncResponse());
57 | }
58 | }
59 | }
60 |
61 | fetchParallel();
62 |
63 |
64 |
--------------------------------------------------------------------------------
/scripts/multipartify.bsh:
--------------------------------------------------------------------------------
1 | /*
2 | * Multipartify.java - Quick and dirty BeanShell for WebScarab to
3 | * convert urlencoded POST HTTP requests to multipart requests.
4 | *
5 | * Copyright (C) 2007 Meder Kydyraliev
6 | *
7 | * http://o0o.nu/~meder
8 | *
9 | */
10 | import org.owasp.webscarab.model.Request;
11 | import org.owasp.webscarab.model.Response;
12 | import org.owasp.webscarab.httpclient.HTTPClient;
13 | import org.owasp.webscarab.model.NamedValue;
14 | import java.io.IOException;
15 |
16 | public Response fetchResponse(HTTPClient nextPlugin, Request request) throws IOException {
17 |
18 | private static final String contentType = "multipart/form-data; boundary=o0oo0oo0oo0oo0oo0oo0o";
19 | private static final String boundary= "\r\n--o0oo0oo0oo0oo0oo0oo0o";
20 | private static final String contentDisp= "\r\nContent-Disposition: form-data; name=";
21 |
22 | if (request.getMethod().equals("POST") && request.getContent() != null) {
23 | String body = new String(request.getContent());
24 | StringBuffer newBody = new StringBuffer();
25 | NamedValue[] postParams = NamedValue.splitNamedValues(body, "&", "=");
26 | for (int ix=0; ix < postParams.length; ix++) {
27 | newBody.append(boundary + contentDisp + "\"" + postParams[ix].getName() + "\"\r\n\r\n" + postParams[ix].getValue() + " ");
28 | }
29 | newBody.append(boundary + "--\r\n");
30 | request.setHeader("Content-Type", contentType);
31 | request.setContent(newBody.substring(2).getBytes());
32 | }
33 |
34 | response = nextPlugin.fetchResponse(request);
35 |
36 | return response;
37 | }
38 |
39 |
--------------------------------------------------------------------------------
/scripts/no-images.bsh:
--------------------------------------------------------------------------------
1 | response = conversation.getResponse();
2 | // out.println("Got a " + response.status);
3 | type=response.getHeader("Content-Type");
4 | // out.println("With content-type " + type);
5 | if (type!=null && type.startsWith("image")) {
6 | conversation.setCancelled(true);
7 | }
8 |
--------------------------------------------------------------------------------
/scripts/webgoat-session-brute.bsh:
--------------------------------------------------------------------------------
1 | import org.owasp.webscarab.model.ConversationID;
2 | import org.owasp.webscarab.model.HttpUrl;
3 | import org.owasp.webscarab.model.Request;
4 | import org.owasp.webscarab.model.Response;
5 | import javax.swing.JOptionPane;
6 |
7 | String templ = JOptionPane.showInputDialog("Which request is the template?");
8 | String seqStr = JOptionPane.showInputDialog("Enter sequence number");
9 | String startStr = JOptionPane.showInputDialog("Enter start time");
10 | String endStr = JOptionPane.showInputDialog("Enter end time");
11 |
12 | int template = Integer.parseInt(templ);
13 | long seq = Long.parseLong(seqStr);
14 | long startTime = Long.parseLong(startStr);
15 | long endTime = Long.parseLong(endStr);
16 | boolean found = false;
17 |
18 | // a counter, so we can know when to stop
19 | long time = startTime;
20 |
21 | // call this to fetch them in parallel
22 | // the number of simultaneous connections is controlled by the Scripting plugin
23 | // It is currently fixed at 4 simultaneous requests
24 |
25 | void fetchParallel() {
26 | while (hasMoreRequests() || scripted.isAsyncBusy()) {
27 | while (scripted.hasAsyncCapacity() && hasMoreRequests()) {
28 | scripted.submitAsyncRequest(getNextRequest());
29 | Thread.sleep(100);
30 | }
31 | if (scripted.hasAsyncResponse()) {
32 | while (scripted.hasAsyncResponse()) {
33 | response = scripted.getAsyncResponse();
34 | request = response.getRequest();
35 | String body = new String(response.getContent());
36 | if (body.indexOf("Please sign in to your account") == -1) {
37 | done = true;
38 | ConversationID id = scripted.addConversation(response);
39 | out.println("Success with conversation " + id);
40 | }
41 | }
42 | } else Thread.sleep(100);
43 | }
44 | }
45 |
46 | // modify this routine to determine when we are finished
47 | boolean hasMoreRequests() {
48 | return !found && time urls = new ArrayList();
16 | findJars(dir, urls);
17 | ClassLoader loader = ClassLoader.getSystemClassLoader();
18 | if (urls.size() > 0) {
19 | URL[] u = urls.toArray(new URL[urls.size()]);
20 | System.out.println("Creating new ClassLoader");
21 | Thread.currentThread().setContextClassLoader(new URLClassLoader(u, loader));
22 | } else {
23 | System.err.println("No plugins found!");
24 | }
25 | WebScarab.main(args);
26 | }
27 |
28 | private static void findJars(File dir, List urls) {
29 | if (!dir.isDirectory())
30 | return;
31 | FilenameFilter filter = new FilenameFilter() {
32 | public boolean accept(File dir, String name) {
33 | return name.endsWith(".jar") || new File(dir, name).isDirectory();
34 | }
35 | };
36 | String[] items = dir.list(filter);
37 | if (items == null)
38 | return;
39 | for (int i=0; iStoreException without detail message.
55 | */
56 | public StoreException() {
57 | }
58 |
59 |
60 | /**
61 | * Constructs an instance of StoreException with the specified detail message.
62 | * @param msg the detail message.
63 | */
64 | public StoreException(String msg) {
65 | super(msg);
66 | }
67 |
68 | public StoreException(String msg, Throwable cause) {
69 | super(msg, cause);
70 | }
71 |
72 | }
73 |
--------------------------------------------------------------------------------
/src/org/owasp/webscarab/model/UrlEvent.java:
--------------------------------------------------------------------------------
1 | /*
2 | * UrlEvent.java
3 | *
4 | * Created on 13 April 2005, 04:03
5 | */
6 |
7 | package org.owasp.webscarab.model;
8 |
9 | import java.util.EventObject;
10 |
11 | /**
12 | *
13 | * @author rogan
14 | */
15 | public class UrlEvent extends EventObject {
16 |
17 | /**
18 | *
19 | */
20 | private static final long serialVersionUID = -2563329935372684632L;
21 | private HttpUrl _url;
22 | private int _position;
23 |
24 | /** Creates a new instance of UrlEvent */
25 | public UrlEvent(Object source, HttpUrl url, int position) {
26 | super(source);
27 | _url = url;
28 | _position = position;
29 | }
30 |
31 | public HttpUrl getUrl() {
32 | return _url;
33 | }
34 |
35 | public int getPosition() {
36 | return _position;
37 | }
38 | }
39 |
--------------------------------------------------------------------------------
/src/org/owasp/webscarab/model/UrlListener.java:
--------------------------------------------------------------------------------
1 | /*
2 | * UrlListener.java
3 | *
4 | * Created on 13 April 2005, 04:01
5 | */
6 |
7 | package org.owasp.webscarab.model;
8 |
9 | import java.util.EventListener;
10 |
11 | /**
12 | *
13 | * @author rogan
14 | */
15 | public interface UrlListener extends EventListener {
16 |
17 | void urlAdded(UrlEvent evt);
18 |
19 | void urlChanged(UrlEvent evt);
20 |
21 | void urlRemoved(UrlEvent evt);
22 |
23 | void urlsChanged();
24 |
25 | }
26 |
--------------------------------------------------------------------------------
/src/org/owasp/webscarab/model/UrlModel.java:
--------------------------------------------------------------------------------
1 | /*
2 | * UrlModel.java
3 | *
4 | * Created on 13 April 2005, 03:58
5 | */
6 |
7 | package org.owasp.webscarab.model;
8 |
9 | import EDU.oswego.cs.dl.util.concurrent.Sync;
10 |
11 | /**
12 | *
13 | * @author rogan
14 | */
15 | public interface UrlModel {
16 |
17 | int getChildCount(HttpUrl parent);
18 |
19 | HttpUrl getChildAt(HttpUrl parent, int index);
20 |
21 | int getIndexOf(HttpUrl url);
22 |
23 | Sync readLock();
24 |
25 | void addUrlListener(UrlListener listener);
26 |
27 | void removeUrlListener(UrlListener listener);
28 |
29 | }
30 |
--------------------------------------------------------------------------------
/src/org/owasp/webscarab/parser/ContentParser.java:
--------------------------------------------------------------------------------
1 | /***********************************************************************
2 | *
3 | * $CVSHeader$
4 | *
5 | * This file is part of WebScarab, an Open Web Application Security
6 | * Project utility. For details, please see http://www.owasp.org/
7 | *
8 | * Copyright (c) 2002 - 2004 Rogan Dawes
9 | *
10 | * This program is free software; you can redistribute it and/or
11 | * modify it under the terms of the GNU General Public License
12 | * as published by the Free Software Foundation; either version 2
13 | * of the License, or (at your option) any later version.
14 | *
15 | * This program is distributed in the hope that it will be useful,
16 | * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 | * GNU General Public License for more details.
19 | *
20 | * You should have received a copy of the GNU General Public License
21 | * along with this program; if not, write to the Free Software
22 | * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
23 | *
24 | * Getting Source
25 | * ==============
26 | *
27 | * Source for this application is maintained at Sourceforge.net, a
28 | * repository for free software projects.
29 | *
30 | * For details, please see http://www.sourceforge.net/projects/owasp
31 | *
32 | */
33 |
34 | /*
35 | * ContentParser.java
36 | *
37 | * Created on June 24, 2004, 11:42 PM
38 | */
39 |
40 | package org.owasp.webscarab.parser;
41 |
42 | import org.owasp.webscarab.model.Message;
43 | import org.owasp.webscarab.model.HttpUrl;
44 |
45 | /**
46 | * The methods required by a class that can parse the content of a message
47 | * @author knoppix
48 | */
49 | public interface ContentParser {
50 |
51 |
52 | /**
53 | * parses the body of the message, and returns a parsed representation
54 | * @param message the Message to parse
55 | * @return the parsed representation of the message body
56 | */
57 | Object parseMessage(HttpUrl url, Message message);
58 |
59 | }
60 |
--------------------------------------------------------------------------------
/src/org/owasp/webscarab/plugin/BasicCredential.java:
--------------------------------------------------------------------------------
1 | /*
2 | * BasicCredential.java
3 | *
4 | * Created on 04 January 2006, 09:20
5 | *
6 | * To change this template, choose Tools | Options and locate the template under
7 | * the Source Creation and Management node. Right-click the template and choose
8 | * Open. You can then make changes to the template in the Source Editor.
9 | */
10 |
11 | package org.owasp.webscarab.plugin;
12 |
13 | /**
14 | *
15 | * @author rdawes
16 | */
17 | public class BasicCredential {
18 |
19 | private String _host;
20 | private String _realm;
21 | private String _username;
22 | private String _password;
23 |
24 | /**
25 | * Creates a new instance of BasicCredential
26 | */
27 | public BasicCredential(String host, String realm, String username, String password) {
28 | _host = host;
29 | _realm = realm;
30 | _username = username;
31 | _password = password;
32 | }
33 |
34 | public String getHost() {
35 | return _host;
36 | }
37 |
38 | public String getRealm() {
39 | return _realm;
40 | }
41 |
42 | public String getUsername() {
43 | return _username;
44 | }
45 |
46 | public String getPassword() {
47 | return _password;
48 | }
49 |
50 | }
51 |
--------------------------------------------------------------------------------
/src/org/owasp/webscarab/plugin/CredentialManagerUI.java:
--------------------------------------------------------------------------------
1 | /*
2 | * CredentialManagerUI.java
3 | *
4 | * Created on 04 January 2006, 09:09
5 | *
6 | * To change this template, choose Tools | Options and locate the template under
7 | * the Source Creation and Management node. Right-click the template and choose
8 | * Open. You can then make changes to the template in the Source Editor.
9 | */
10 |
11 | package org.owasp.webscarab.plugin;
12 |
13 | /**
14 | *
15 | * @author rdawes
16 | */
17 | public interface CredentialManagerUI {
18 |
19 | void requestCredentials(String host, String[] challenges);
20 |
21 | }
22 |
--------------------------------------------------------------------------------
/src/org/owasp/webscarab/plugin/DomainCredential.java:
--------------------------------------------------------------------------------
1 | /*
2 | * DomainCredential.java
3 | *
4 | * Created on 04 January 2006, 09:23
5 | *
6 | * To change this template, choose Tools | Options and locate the template under
7 | * the Source Creation and Management node. Right-click the template and choose
8 | * Open. You can then make changes to the template in the Source Editor.
9 | */
10 |
11 | package org.owasp.webscarab.plugin;
12 |
13 | /**
14 | *
15 | * @author rdawes
16 | */
17 | public class DomainCredential {
18 |
19 | private String _host;
20 | private String _domain;
21 | private String _username;
22 | private String _password;
23 |
24 | /** Creates a new instance of DomainCredential */
25 | public DomainCredential(String host, String domain, String username, String password) {
26 | _host = host;
27 | _domain = domain;
28 | _username = username;
29 | _password = password;
30 | }
31 |
32 | public String getHost() {
33 | return _host;
34 | }
35 |
36 | public String getDomain() {
37 | return _domain;
38 | }
39 |
40 | public String getUsername() {
41 | return _username;
42 | }
43 |
44 | public String getPassword() {
45 | return _password;
46 | }
47 |
48 | }
49 |
--------------------------------------------------------------------------------
/src/org/owasp/webscarab/plugin/FrameworkUI.java:
--------------------------------------------------------------------------------
1 | /***********************************************************************
2 | *
3 | * $CVSHeader$
4 | *
5 | * This file is part of WebScarab, an Open Web Application Security
6 | * Project utility. For details, please see http://www.owasp.org/
7 | *
8 | * Copyright (c) 2002 - 2004 Rogan Dawes
9 | *
10 | * This program is free software; you can redistribute it and/or
11 | * modify it under the terms of the GNU General Public License
12 | * as published by the Free Software Foundation; either version 2
13 | * of the License, or (at your option) any later version.
14 | *
15 | * This program is distributed in the hope that it will be useful,
16 | * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 | * GNU General Public License for more details.
19 | *
20 | * You should have received a copy of the GNU General Public License
21 | * along with this program; if not, write to the Free Software
22 | * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
23 | *
24 | * Getting Source
25 | * ==============
26 | *
27 | * Source for this application is maintained at Sourceforge.net, a
28 | * repository for free software projects.
29 | *
30 | * For details, please see http://www.sourceforge.net/projects/owasp
31 | *
32 | */
33 |
34 | /*
35 | * FrameworkUI.java
36 | *
37 | * Created on September 7, 2004, 6:00 PM
38 | */
39 |
40 | package org.owasp.webscarab.plugin;
41 |
42 | /**
43 | * specifies the interface between framework and its user interface
44 | * @author knoppix
45 | */
46 | public interface FrameworkUI {
47 |
48 |
49 | }
50 |
--------------------------------------------------------------------------------
/src/org/owasp/webscarab/plugin/Hook.java:
--------------------------------------------------------------------------------
1 | /*
2 | * Hook.java
3 | *
4 | * Created on 07 January 2005, 05:19
5 | */
6 |
7 | package org.owasp.webscarab.plugin;
8 |
9 | import java.util.List;
10 | import java.util.ArrayList;
11 | import java.util.logging.Logger;
12 |
13 | import org.apache.bsf.BSFManager;
14 | import org.apache.bsf.BSFException;
15 |
16 | /**
17 | *
18 | * @author rogan
19 | */
20 | public class Hook {
21 |
22 | private String _name;
23 | private String _description;
24 | private List
9 | &{[code]};
10 |
11 |
12 |