Using WebScarab
WebScarab is another web proxy, full of features that may prove interesting to penetration testers. In this recipe, we will use it to spider a website.
Getting ready
By default, WebScarab listens on port 8008 to capture HTTP requests, so we need to configure our browser to use that port on localhost as a proxy. The steps are similar to the OWASP ZAP and Burp Suite configurations in your browser; in this case, the port must be 8008.
How to do it...
Open WebScarab from Kali's Applications menu by navigating to 03 Web Application Analysis | webscarab.
Browse to the Bodgeit application of vulnerable_vm (http://192.168.56.102/bodgeit/). We will see that it appears in the Summary tab of WebScarab.
Now, right-click on the bodgeit folder and select Spider tree from the menu.
All requests will appear in the bottom half of the summary and the tree will be filled, as the spider finds new files.
The summary also shows some relevant information about each particular...