WebScarab

WebScarab
	Screenshot of WebScarab
Developer(s)	The Open Web Application Security Project
Repository	github.com/OWASP/OWASP-WebScarab
Written in	Java
Type	Web security testing tool
License	GPLv2
Website	WebScarab

WebScarab is a web security application testing tool. It serves as a proxy that intercepts and allows people to alter web browser web requests (both HTTP and HTTPS) and web server replies. WebScarab also may record traffic for further review.^[1]

Overview

WebScarab is an open source tool developed by The Open Web Application Security Project (OWASP), and was implemented in Java so it could run across multiple operating systems.^[2]

WebScarab is meant to act as a framework, being extensible and with most features being implemented as plugins.^[3]

Features

Some of the features provided by plugins include: ^[3]

An intercepting proxy server
Executing Java commands with BeanShell
Emulating a slower network
Acting as a web crawler
Fuzzing request parameters
Cross-site scripting analysis

In 2013 official development of WebScarab slowed, and it appears that OWASP's Zed Attack Proxy ("ZAP") Project (another Java-based, open source proxy tool but with more features and active development) is WebScarab's official successor,^[4]^[5] although ZAP itself was forked from the Paros Proxy, not WebScarab.^[6]

References

^ Hope, Brian; Walther, Ben (2009). Web security testing cookbook : systematic techniques to find problems fast. Internet Archive. Sebastopol, Ca. : O'Reilly. ISBN 978-0-596-51483-9.
^ "Website Design for Crafting a Captivating Online Presence". Retrieved 2023-10-20.
^ ^a ^b "OWASP-WebScarab website". OWASP. Archived from the original on 12 May 2025. Retrieved 23 May 2025.
^ "OWASP-WebScarab check-in history". GitHub. Retrieved 5 May 2014.
^ "zaproxy change list". Google Code. Retrieved 5 May 2014.
^ "OWASP Zed Attack Proxy Project - Features". OWASP. Retrieved 5 May 2014.

External links

Official Webpage

This Web-software-related article is a stub. You can help Wikipedia by expanding it.

This security software article is a stub. You can help Wikipedia by expanding it.

[1] Hope, Brian; Walther, Ben (2009). Web security testing cookbook : systematic techniques to find problems fast. Internet Archive. Sebastopol, Ca. : O'Reilly. ISBN 978-0-596-51483-9.

[2] "Website Design for Crafting a Captivating Online Presence". Retrieved 2023-10-20.

[website-3] "OWASP-WebScarab website". OWASP. Archived from the original on 12 May 2025. Retrieved 23 May 2025.

[4] "OWASP-WebScarab check-in history". GitHub. Retrieved 5 May 2014.

[5] "zaproxy change list". Google Code. Retrieved 5 May 2014.

[6] "OWASP Zed Attack Proxy Project - Features". OWASP. Retrieved 5 May 2014.

[1]

[2]

[3]

[4]

[5]

[6]