Security Testing using OWASP WebScarab

I will demonstrate how to use WebScarab to easily and transparently intercept web traffic.
This is one of the basic steps in web application hacking and the analysis of web security.

Even casual hackers can use it to see what goes on behind the screen while you browse a particular website.
WebScarab is a framework for analysing web applications. It operates as an intercepting proxy, allowing the user to review and modify HTTP requests
created by the browser before they are sent to the server, and to review and modify responses returned from the server before they are received by the browser.
WebScarab is able to intercept both HTTP and HTTPS communication. This makes it one of the powerful tools when it comes to web application security.



Outline/structure of the Session

What I wish to present

How to set up WebScarab and then use it to intercept and analyze web traffic.
I will take the example of Firefox here, but similar steps apply to other web browsers as well.
Intercepting Web Traffic
Penetration testing and vulnerability assessment
Future aspects


Learning Outcome

This is one of the basic steps in web application hacking and the analysis of web security.
Learning outcomes would be:

Analysing web applications security features
Penetration testing and vulnerability assessment techniques


Target Audience

Security Testers

Submitted 2 years ago

Comments
  • By Aditya Garg  ~  2 years ago

    Few queries.

    OWASP ZAP is considered to be a successor of WebScarab. Do you think WebScarab is still relevant?

    Are you going to give a demo?

    Would 20 minutes be OK for this?

    • By Schalk Cronjé  ~  2 years ago

      Vivek, I have the same questions.

      • By Vivek  ~  2 years ago

        I can give a demo on ZAP as well.

        The plan was to create an environment for pen testing and then to give a demo.

        If I include ZAP, it will be a longer demo.