Using WebScarab

WebScarab is another web proxy, full of features that may prove interesting to penetration testers. In this recipe, we will use it to spider a website.

Getting ready

By default, WebScarab listens on port 8008 to capture HTTP requests, so we need to configure our browser to use that port on localhost as its proxy. Follow steps similar to the OWASP ZAP and Burp Suite configurations in your browser; in this case, the port must be 8008.

How to do it...

  1. Open WebScarab from Kali's Applications menu by navigating to 03 Web Application Analysis | webscarab.
  2. Browse to the Bodgeit application of vulnerable_vm (http://192.168.56.102/bodgeit/). We will see that it appears in the Summary tab of WebScarab.
  3. Now, right-click on the
