Comments on: Webscarab Tutorial Part 1 (learning the basics)

By: Webscarab « d4rKn19t's Blog

Webscarab « d4rKn19t's Blog — Thu, 11 Mar 2010 03:20:39 +0000

[...] Article Source [...]

By: travis

travis — Tue, 02 Feb 2010 18:11:11 +0000

Nidhi,

Sounds like you’re doing everything correct. Maybe try grabbing a newer or older version of Webscarab. Without knowing more information that’s what I would suggest.

By: Nidhi

Nidhi — Mon, 01 Feb 2010 08:53:20 +0000

Hi,
I am trying to test the insecure webservices through web scarab. Now the problem I am facing is that the tomcat server is hosted on localhost(port 8080) and when I try to use web scarab and listen on port 8080,it gives a java-bind error. i also changed the port of web service to 8008 but with same port it gives error message and with different ports it doest intercepts any traffic.please tell me any solution.
another problem is i am not having proxy setting on my system. i m using broadband connection at home. so how can i use web scarab to capture traffic because with proxy setting i cant access net.

Thanks

By: Visu

Visu — Tue, 17 Nov 2009 14:02:25 +0000

I had the same problem that I could not use the tool via corp proxy. But after setting the credentials in “tools/credentials” page, everything looks good. I also just used firefox for testing. You can also check “always ask for credentials” in the tools/credentials page so that whenever you start testing via tool, a popup will come up where you can enter your credentials. Hope this helps.

By: Sajad

Sajad — Wed, 11 Nov 2009 04:10:40 +0000

Hi,I would like training to web scarab

By: travis

travis — Mon, 17 Aug 2009 15:20:31 +0000

dan,

could be a number of reasons you’re getting this error, hard for me to diagnose with this information.

By: dan

dan — Wed, 12 Aug 2009 22:12:14 +0000

Hi, I have installed webscarab but seem to be having issues with it not working. When trying to browse a standard site with intercept enabled i am constantly getting this message.

WebScarab encountered an error trying to retrieve

GET http://www.google.co.uk:80/ HTTP/1.1
Host: http://www.google.co.uk
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.0.13) Gecko/2009073022 Firefox/3.0.13 (.NET CLR 3.5.30729)
Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Proxy-Connection: keep-alive
Cache-Control: max-age=0

The error was :

Connection refused: connect
at java.net.PlainSocketImpl.socketConnect(Native Method)
at java.net.PlainSocketImpl.doConnect(Unknown Source)
at java.net.PlainSocketImpl.connectToAddress(Unknown Source)
at java.net.PlainSocketImpl.connect(Unknown Source)
at java.net.SocksSocketImpl.connect(Unknown Source)
at java.net.Socket.connect(Unknown Source)
at org.owasp.webscarab.httpclient.URLFetcher.connect(URLFetcher.java:362)
at org.owasp.webscarab.httpclient.URLFetcher.fetchResponse(URLFetcher.java:223)
at org.owasp.webscarab.plugin.proxy.CookieTracker$Plugin.fetchResponse(CookieTracker.java:130)
at org.owasp.webscarab.plugin.proxy.BrowserCache$Plugin.fetchResponse(BrowserCache.java:101)
at org.owasp.webscarab.plugin.proxy.RevealHidden$Plugin.fetchResponse(RevealHidden.java:100)
at org.owasp.webscarab.plugin.proxy.BeanShell$Plugin.fetchResponse(BeanShell.java:229)
at org.owasp.webscarab.plugin.proxy.ManualEdit$Plugin.fetchResponse(ManualEdit.java:243)
at org.owasp.webscarab.plugin.proxy.ConnectionHandler.run(ConnectionHandler.java:222)
at java.lang.Thread.run(Unknown Source)

Any help is appreciated.

By: travis

travis — Sun, 09 Aug 2009 22:03:49 +0000

danny,

i assume what you mean is that you’re at school or work which has a proxy in place to block/protect end users and you want webscarab to be aware of that proxy and hopefully chain them together. i typically do not have a need for this but have tried it in the past with no success. in theory you should be able to go into tools > proxies and then enter the information for the proxy between you and your application.

By: Danny

Danny — Wed, 05 Aug 2009 02:26:26 +0000

Hi, Travis

Kudos for the splendid work . My query is if im behind a protected proxy,how can i use the tool. Because of the proxy webscarab is not detecting the websites i.e no traffic is being populated.
Can you think of a solution?

Thanks Danny

By: travis

travis — Tue, 23 Jun 2009 13:40:19 +0000

nikhil,

you cant have 2 services on the same port, you should have webscarab listen on a separate port such as 8008. so change the listening port in webscarab to 8008 and see if that solves your problem, reference figure 1 above. if that doesnt solve your problem let me know.