WebScarab is designed to be a tool for anyone who needs to expose the workings of an HTTP(S) based application, whether to allow the developer to debug otherwise difficult problems, or to allow a security specialist to identify vulnerabilities in the way that the application has been designed or implemented.
Almost nothing of the original WebScarab remains in the current code base. Although the spider code that WebSphinx/WebScarab was based on was mature and well-tested, it did not fit in with my view of how such a tool should operate. Rather than rip out 99% of WebSphinx, I chose to implement a trivial spider in its place. The original WebScarab/WebSphinx spider code is still available from SourceForge, for anyone who is interested.
This page is not the official WebScarab page. A quickstart guide is available here, and some user documentation is available here. This user documentation is the same as that available through the built-in JavaHelp within WebScarab.
- Author: Rogan Dawes
- License: GPLv2
Tools included in the webscarab package
webscarab – Web application review tool
WebScarab is a Web Application Review tool.