List: websecurity
Subject: [WEB SECURITY] WATOBO 0.9.7rev544 released
From: Andreas Schmidt <webappsec () siberas ! de>
Date: 2011-07-22 15:21:01
Message-ID: 4E29955D.9080805 () siberas ! de
Hi everybody,
we want to announce that we just released version 0.9.7rev544 of WATOBO
(Web Application TOolBOx).
= general description =
WATOBO is intended to enable security professionals to perform
semi-automated web application security audits.
Here's a brief summary of its features:
- Session Management; Login scripts, logout recognition, automated relogin
- One-Time-Token support; for testing CSRF protected functions
- NTLM-Authentication for servers and proxies
- Active security checks: SQLi, XSS, LFI, DirWalker, HTTP-Methods,
JBoss, SAP, ...
- Passive checks/filters: Cookie-Options, Login-Encryption, DOMXSS, ...
- Plugins: SSLChecker, FileFinder and Catalog-Scanner
- Fuzzer: fuzz engine, e.g. for username enumeration or collecting cookies
- Manual Request Editor: customize and send requests
- Differ: diffing request/response pairs
= NEWS =
There are lots of new functions/features like:
- MasterPassword for encrypting Proxy- and WWW-Auth-Passwords
- Hotkey-Help: Press F1 to view all Hotkeys for the focused widget -
Works in ManualRequestEditor, Interceptor, ChatViewers
- Interceptor: Intercept Filters, Editor, Hotkeys - almost complete
rewrite
- Passive Module: 'DOM XSS' - checks for javascript code which
manipulates DOM and may be misused for XSS
- Passive Module: 'Detect One-Time-Tokens' - checks for parameters
which may be used to prevent CSRF-Attacks
- ManualRequest Following Redirects Automatically (optional)
- ManualRequest: Added Hotkeys for 'send' (ctrl-enter) and
transcoding ctrl-[shift]-b (base64), ctrl-[shift]-u (url)
- ManualRequest: new Transform 'Get -> Post'
- TableEditor: Added Hotkeys; ctrl-[shift]-b (base64), ctrl-[shift]-u
(url), ctrl-enter (send request)
- Passive Module: 'Detect Code' - Now also checks for ASP-Snippets
- ConversationTable: added SSL-Icon for encrypted chats
- TextView: added Match-Navigation for 'Highlight'- and 'Grep'-Filter
- One-Time-Token-Dialog: Target chat is also visible for OTT-pattern
creation.
- WATOBO-Logo: watobo-48x48.png for nice desktop shortcuts/launchers ;)
More information as well as (new) video tutorials are available at the
project page http://watobo.sourceforge.net
We hope you find WATOBO useful!
If you find a bug, have a feature request or simply want to tell some
success stories, please send a mail to watobo@siberas.de.
regards,
andy