Comments on: Webscarab Tutorial Part 1 (learning the basics)

By: Is there a program that automaticly finds .PHP files on a web server and tests them for SQL injections? - Admins Goodies

Thu, 11 Aug 2011 21:42:41 +0000

[...] WebScarab Howto: http://travisaltman.com/webscarab-tutorial-part-1-learning-the-basics/ [...]

By: travis

travis — Mon, 06 Jun 2011 17:01:54 +0000

Mo,

Glad you found your answer. Also some browsers will automatically not allow proxies for localhost, so you may have to specifically check a box inside the browsers settings to allow for localhost. Thanks for adding you info and experience.

By: Mo

Mo — Thu, 26 May 2011 15:10:08 +0000

Travis,

This is Mo again. I just found an answer to my problem (please feel free to add this to any FAQ’s you build). If someone decides to build a test environment and has the webserver and the proxy run on the same box, make sure not to use the URL: http://localhost/mysite...

Using “localhost” means traffic is not routed the classic way (web browser to http server listening port) and therefore the webscarab user wont be able to intercept traffic. Best practice is to use the local box IP address instead.

URL: http://192.168.1.5/mysite...

This solution took me a while to find. I hope it can help a lost soul somewhere.

By: Mo

Mo — Thu, 26 May 2011 14:32:52 +0000

Hi Travis,

Great work! Thank you for all the help. I’m trying to test an in-house web application with webscarab and I’m running into issues (my experience is limited). I have the web application running on my local XP IIS and I can’t figure out a way to intercept traffic.

I have followed all of your instructions above (I am using IE 8.0) and still having issues with locally installed web apps. Any help would be greatly appreciated.

Keep up the good work

By: travis

travis — Wed, 19 Jan 2011 12:51:52 +0000

Fabrizio,

I’m not quite sure what your problem could be, sounds like you have everything setup correctly. Maybe try the same setup with Internet Explorer and see if you have the same issue. Also you might want to clear your history and cookies inside of firefox that gives it a fresh start. I’ve sometimes gotten hangups on old history and cookies. Try that and let me know if that works.

By: Fabrizio

Fabrizio — Wed, 19 Jan 2011 11:39:57 +0000

Hi,
I am trying to solve WebGoat lessons using Webscarab. I’m also using the browser
Firefox. I set webscarab listen on port 8008. I’ve configured firefox to connect on
HTTP proxy on port 8008. The problem is that Webscarab is able to intercept the request, but my
browser don’t receive data. It remains waiting for localhost response. Please tell me
any solution.

Thanks

By: travis

travis — Tue, 16 Nov 2010 12:55:43 +0000

suresh, i think what you want to do is "chain" proxies, have a look at this article and see if it solves your issue.

By: Suresh

Suresh — Thu, 28 Oct 2010 07:16:30 +0000

Previously I had no issues. Webscarab went on fine. Now there is a firewall for browzing web site with some sites blocked in. After implementing Firewall I am unable to use webscarab. I am able to edit request but in my browser am facing.

WebScarab encountered an error trying to retrieve

The error was :

Connection refused: connect
at java.net.PlainSocketImpl.socketConnect(Native Method)

I tried both 8008 & 8080 and facing same issue. Can anyone give me some inputs on this, how to configure webscarab in firewall

By: Raghavan

Raghavan — Mon, 20 Sep 2010 07:13:53 +0000

Guys,

Somebody asked how to switch between lite and full mode.. Go to Tools and check the Use full-featured mode check box. Now close and open Webscarab, u ll get the full mode..

Vice versa for getting to lite-mode..

If an obsolete info, my apologies.. just as an FYI…

By: Santhosh

Santhosh — Wed, 07 Apr 2010 06:52:03 +0000

Hi Travis,

I have already tried it, but still cant fix it.

Question:
Can I have webscarab and webserver installed on the same machine?