Web application security - the fast guide 1.1 | Page 168

Chapter 8 - Attack Tools

OWASP WebScarab: another Java-based tool released under the GNU General Public License, with Swiss-knife-like functionality. It includes an HTTP proxy, a crawler/spider, session ID analysis, a script interface for automation, a fuzzer, an encoder/decoder utility for all of the popular web formats (Base64, MD5, and so on), and a Web Services Description Language (WSDL) and SOAP parser.

Figure 62: WebScarab interface showing the different available functionalities in the top bar

ProxyMon: this tool uses WebScarab logs and directory structures to generate security events covering important variables in set cookies, sent cookies, query strings, and POST parameters across the site. It additionally enables vulnerability checks based on its own library. ProxyMon can be used effectively to automate penetration tests, as it provides an option to attempt file uploads. It also provides a mobile version.

Fiddler: a Windows-based tool that uses the .NET Framework. It provides the ability to intercept sessions, like Paros and WebScarab. It uses the term breakpoint to define three states (break before request, break after response, run to completion). The tool allows any data to be altered at each breakpoint and then releases execution until the next breakpoint.