Hi everybody,
We want to announce that we just released version 0.9.7rev544 of WATOBO
(Web Application TOolBOx).
= general description =
WATOBO is intended to enable security professionals to perform
semi-automated web application security audits.
Here's a brief summary of its features:
- Session Management; Login scripts, logout recognition, automated relogin
- One-Time-Token support; for testing CSRF protected functions
- NTLM-Authentication for servers and proxies
- Active security checks: SQLi, XSS, LFI, DirWalker, HTTP-Methods,
JBoss, SAP, ...
- Passive checks/filters: Cookie-Options, Login-Encryption, DOMXSS, ...
- Plugins: SSLChecker, FileFinder and Catalog-Scanner
- Fuzzer: fuzz engine, e.g. for username enumeration or collecting cookies
- Manual Request Editor: customize and send requests
- Differ: diffing request/response pairs
= NEWS =
There are lots of new functions/features like:
- MasterPassword for encrypting Proxy- and WWW-Auth-Passwords
- Hotkey-Help: Press F1 to view all Hotkeys for the focused widget -
Works in ManualRequestEditor, Interceptor, ChatViewers
- Interceptor: Intercept Filters, Editor, Hotkeys - almost complete
rewrite
- Passive Module: 'DOM XSS' - checks for javascript code which
manipulates DOM and may be misused for XSS
- Passive Module: 'Detect One-Time-Tokens' - checks for parameters
which may be used to prevent CSRF-Attacks
- ManualRequest Following Redirects Automatically (optional)
- ManualRequest: Added Hotkeys for 'send' (ctrl-enter) and
transcoding ctrl-[shift]-b (base64), ctrl-[shift]-u (url)
- ManualRequest: new Transform 'Get -> Post'
- TableEditor: Added Hotkeys; ctrl-[shift]-b (base64), ctrl-[shift]-u
(url), ctrl-enter (send request)
- Passive Module: 'Detect Code' - Now also checks for ASP-Snippets
- ConversationTable: added SSL-Icon for encrypted chats
- TextView: added Match-Navigation for 'Highlight'- and 'Grep'-Filter
- One-Time-Token-Dialog: Target chat is also visible for OTT-pattern
creation.
- WATOBO-Logo: watobo-48x48.png for nice desktop shortcuts/launchers ;)
More information as well as (new) video tutorials are available at the
project page http://watobo.sourceforge.net
We hope you find WATOBO useful!
If you find a bug, have a feature request or simply want to tell some
success stories please send a mail to watobo@siberas.de.
Regards,
andy
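As an added illustration of what a passive check like the 'Detect One-Time-Tokens' module looks for, here is a small Ruby detector written for this post (not WATOBO's own code): it scans an HTML response for hidden form fields whose values look like random per-request tokens and flags forms that carry none. The sample HTML, the 16-character minimum length and the 3.0 bits/char entropy threshold are constructed assumptions.

```ruby
require 'cgi'
MIN_TOKEN_LEN = 16 # assumed minimum length for a token candidate

# Shannon entropy in bits per character: random hex/base64 tokens score high,
# words and fixed identifiers score low.
def shannon_entropy(str)
  return 0.0 if str.empty?
  counts = str.each_char.tally
  counts.values.sum { |c| p = c.to_f / str.length; -p * Math.log2(p) }
end

# Heuristic for "this hidden value looks like a one-time token".
def looks_like_token?(value)
  value.length >= MIN_TOKEN_LEN &&
    value.match?(%r{\A[A-Za-z0-9+/=_\-]+\z}) &&
    shannon_entropy(value) >= 3.0 # assumed threshold
end

# Hidden <input> fields of one form body as [{name:, value:}, ...].
def hidden_fields(form_html)
  form_html.scan(/<input\b[^>]*>/i).filter_map do |tag|
    next unless tag =~ /type\s*=\s*["']?hidden["']?/i
    name  = tag[/name\s*=\s*["']([^"']*)["']/i, 1]
    value = tag[/value\s*=\s*["']([^"']*)["']/i, 1]
    next unless name
    { name: name, value: CGI.unescapeHTML(value.to_s) }
  end
end

# Passive check: per form, report token-like hidden fields and flag forms
# with none of them as candidates for missing CSRF protection.
def detect_one_time_tokens(html)
  html.scan(%r{<form\b([^>]*)>(.*?)</form>}mi).map do |attrs, body|
    action = attrs[/action\s*=\s*["']([^"']*)["']/i, 1] || ''
    tokens = hidden_fields(body).select { |f| looks_like_token?(f[:value]) }
    { action: action, tokens: tokens.map { |f| f[:name] }, unprotected: tokens.empty? }
  end
end

# Constructed sample response: one token-protected form, one without.
SAMPLE_HTML = <<~HTML
  <form action="/transfer" method="post">
    <input type="hidden" name="csrf_token" value="9f3a1c7e2b84d6a0f1e5c3b7a9d2e4f6">
    <input type="hidden" name="step" value="2">
    <input type="text" name="amount">
  </form>
  <form action="/profile/update" method="post">
    <input type="hidden" name="userid" value="1234">
    <input type="text" name="email">
  </form>
HTML
detect_one_time_tokens(SAMPLE_HTML).each { |r| puts r.inspect }
```

The second form is reported as unprotected because its only hidden field is a short, low-entropy identifier; a real check would still need a human to confirm the token is actually validated server-side.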