Using WebScarab

WebScarab is another web proxy, with many features that penetration testers may find useful. In this recipe, we will use it to spider a website.

Getting ready

By default, WebScarab listens on port 8008 to capture HTTP requests, so we need to configure our browser to use localhost on that port as its proxy. Follow steps similar to the OWASP ZAP and Burp Suite proxy configurations in your browser; in this case, the port must be 8008.

How to do it...

  1. Open WebScarab in Kali's Applications menu and navigate to 03 Web Application Analysis | webscarab.
  2. Browse to the Bodgeit application of vulnerable_vm (http://192.168.56.102/bodgeit/). We will see that it appears in the Summary tab of WebScarab.
  3. Now, right-click on the bodgeit folder and select Spider tree from the context menu, as shown in the screenshot.
  4. As the spider finds new files, the requests appear in the bottom half of the Summary tab and the tree fills in, as shown in the screenshot.

    The summary also shows relevant information about each file: for example, whether it has an injection or possible injection vulnerability, whether it sets a cookie, whether it contains a form, and whether that form contains hidden fields. It also indicates the presence of comments in the code and of file uploads.

  5. If we right-click on any of the requests in the bottom half, we can see the operations we can perform on them. Let's analyze one: find the path /bodgeit/search.jsp, right-click on it, and select Show conversation. A new window pops up showing the request and response in various formats, as shown in the following screenshot.
  6. Now click on the Spider tab.

    In this tab, we can restrict what the spider fetches by editing the regular expressions in the Allowed Domains and Forbidden Domains text boxes. We can refresh the results using Fetch Tree, and we can stop the spider by clicking on the Stop button.

How it works...

WebScarab's spider, like those of ZAP and Burp Suite, is useful for discovering every file referenced by a website or directory without manually browsing all possible links. Once the tree is built, we can analyze the requests made to the server in depth and reuse them for more sophisticated tests.
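To make the mechanics of the Spider tab and the Summary flags concrete, here is an added example of a minimal spider in Python. It is not WebScarab's code nor code from the book: it crawls a constructed in-memory stand-in for the target (hypothetical page contents, not the real Bodgeit pages), scopes the crawl with Allowed Domains and Forbidden Domains regular expressions that it assumes are matched against the host part of each URL, and derives the same per-file flags the Summary tab shows (sets a cookie, contains a form, hidden fields, comments, file uploads).

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed in-memory stand-in for the target site (hypothetical page
# contents, not the real Bodgeit application). Keys are absolute URLs.
SAMPLE_SITE = {
    "http://192.168.56.102/bodgeit/": {
        "headers": {"Set-Cookie": "JSESSIONID=deadbeef; Path=/bodgeit"},
        "body": "<html><!-- debug link removed before release? --><body>"
                '<a href="search.jsp">Search</a> <a href="about.jsp">About</a> '
                '<a href="http://tracker.example/pixel">Ad</a></body></html>',
    },
    "http://192.168.56.102/bodgeit/search.jsp": {
        "headers": {},
        "body": '<html><body><form action="search.jsp" method="GET">'
                '<input type="text" name="q">'
                '<input type="hidden" name="debug" value="0"></form>'
                '<a href="/bodgeit/">Home</a></body></html>',
    },
    "http://192.168.56.102/bodgeit/about.jsp": {
        "headers": {},
        "body": '<html><body><p>About</p><a href="upload.jsp">Upload</a></body></html>',
    },
    "http://192.168.56.102/bodgeit/upload.jsp": {
        "headers": {},
        "body": '<html><body><form method="POST" enctype="multipart/form-data">'
                '<input type="file" name="f"></form></body></html>',
    },
}


class PageInspector(HTMLParser):
    """Extracts links and the Summary-tab style flags from one HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self.form = self.hidden_fields = self.comments = self.file_upload = False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self.links.append(a["href"])
        elif tag == "form":
            self.form = True
        elif tag == "input":
            kind = (a.get("type") or "text").lower()
            if kind == "hidden":
                self.hidden_fields = True
            elif kind == "file":
                self.file_upload = True

    def handle_comment(self, data):
        self.comments = True


def spider(site, start, allowed_domains=r".*", forbidden_domains=None):
    """Breadth-first crawl of `site` from `start`, scoped by host regexes.

    Returns {url: flags}. Out-of-scope URLs are recorded with in_scope=False
    but never fetched, mirroring the Allowed/Forbidden Domains boxes
    (assumption: the regexes apply to the host part of the URL).
    """
    allowed_re = re.compile(allowed_domains)
    forbidden_re = re.compile(forbidden_domains) if forbidden_domains else None
    queue, summary = [start], {}
    while queue:
        url = queue.pop(0)
        if url in summary:
            continue
        host = urlparse(url).netloc
        if not allowed_re.search(host) or (forbidden_re and forbidden_re.search(host)):
            summary[url] = {"in_scope": False}
            continue
        page = site.get(url)
        if page is None:
            summary[url] = {"in_scope": True, "status": 404}
            continue
        insp = PageInspector()
        insp.feed(page["body"])
        summary[url] = {
            "in_scope": True,
            "status": 200,
            "sets_cookie": "Set-Cookie" in page["headers"],
            "form": insp.form,
            "hidden_fields": insp.hidden_fields,
            "comments": insp.comments,
            "file_upload": insp.file_upload,
        }
        # Resolve relative hrefs against the page URL, as a browser would
        for href in insp.links:
            target = urljoin(url, href)
            if target not in summary and target not in queue:
                queue.append(target)
    return summary


if __name__ == "__main__":
    for url, flags in spider(SAMPLE_SITE, "http://192.168.56.102/bodgeit/",
                             allowed_domains=r"^192\.168\.56\.102$").items():
        print(url, flags)
```

Running the block prints one line per discovered URL with its flags; the third-party tracker link is listed but marked out of scope because its host does not match the Allowed Domains expression, which is exactly why tightening that box matters when the target links out to sites you are not authorised to test.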
