Watobo Version 0.9.7 Revision 544 available
Blackhat is the kind of place where you can meet great dudes and buddies. The kind of place where you recognize people by their badges and say: “Holy Sh…. that’s Andreas from Watobo. I use his tool in my web pentesting work”. So today, I’ve just received a mail from Andreas about the latest Watobo version.
Andreas is a nice guy and a talented hacker.
WATOBO is intended to enable security professionals to perform highly efficient (semi-automated) web application security audits. We are convinced that the semi-automated approach is the best way to perform an accurate audit and to identify most of the vulnerabilities.
Here’s a brief summary of its features:
- Session Management; Login scripts, logout recognition, automated relogin
- One-Time-Token support; for testing CSRF protected functions
- NTLM-Authentication for servers and proxies
- Active security checks: SQLi, XSS, LFI, DirWalker, HTTP-Methods, JBoss, SAP, …
- Passive checks/filters: Cookie-Options, Login-Encryption, DOMXSS, …
- Plugins: SSLChecker, FileFinder and Catalog-Scanner
- Fuzzer: fuzz engine, e.g. for username enumeration or collecting cookies
- Manual Request Editor: customize and send requests
- Differ: diffing request/response pairs
= NEWS =
There are lots of new functions/features like:
- MasterPassword for encrypting Proxy- and WWW-Auth-Passwords
- Hotkey-Help: Press F1 to view all Hotkeys for the focused widget – Works in ManualRequestEditor, Interceptor, ChatViewers
- Interceptor: Intercept Filters, Editor, Hotkeys – almost complete rewrite
- Passive Module: ‘DOM XSS’ – checks for JavaScript code which manipulates the DOM and may be misused for XSS
- Passive Module: ‘Detect One-Time-Tokens’ – checks for parameters which may be used to prevent CSRF-Attacks
- ManualRequest: follows redirects automatically (optional)
- ManualRequest: Added Hotkeys for ‘send’ (ctrl-enter) and transcoding ctrl-[shift]-b (base64), ctrl-[shift]-u (url)
- ManualRequest: new Transform ‘Get -> Post’
- TableEditor: Added Hotkeys; ctrl-[shift]-b (base64), ctrl-[shift]-u (url), ctrl-enter (send request)
- Passive Module: ‘Detect Code’ – Now also checks for ASP-Snippets
- ConversationTable: added SSL-Icon for encrypted chats
- TextView: added Match-Navigation for ‘Highlight’- and ‘Grep’-Filter
- One-Time-Token-Dialog: Target chat is also visible for OTT-pattern creation.
- WATOBO-Logo: watobo-48×48.png for nice desktop shortcuts/launchers
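To illustrate what a passive ‘DOM XSS’ check like the one listed above looks for, here is a small added example in Ruby (Watobo’s own language). It is not Watobo’s module; the source/sink regexes, the light variable tracking and the sample responses are my own simplified assumptions.

```ruby
# Added illustration of a passive DOM-XSS check over an HTTP response body.
# It flags script lines that write a browser-controlled DOM *source*
# (location, document.referrer, window.name, ...) into a dangerous *sink*
# (innerHTML, document.write, eval, ...), either directly or via a variable
# that was assigned from a source earlier in the same <script> block.
# Both regexes are simplified assumptions, not Watobo's patterns.

DOM_SOURCES = /\b(?:location(?:\.(?:href|hash|search|pathname))?|document\.(?:URL|documentURI|referrer|cookie)|window\.name)\b/
DOM_SINKS   = /\b(?:innerHTML|outerHTML|insertAdjacentHTML|document\.write(?:ln)?|eval|setTimeout|setInterval|Function)\b/

# Returns one finding per sink line that uses a source (directly or via a
# tainted variable): { line: <line no. inside the script>, code: <text> }.
def dom_xss_findings(body)
  findings = []
  body.scan(%r{<script\b[^>]*>(.*?)</script>}mi) do |(script)|
    tainted = []                                   # identifiers assigned from a source
    script.each_line.with_index(1) do |line, n|
      # Remember "var x = location.hash..." style assignments.
      if (m = line.match(/(?:var|let|const)?\s*([A-Za-z_$][\w$]*)\s*=[^=]/)) && line =~ DOM_SOURCES
        tainted << m[1]
      end
      next unless line =~ DOM_SINKS
      uses_source = line =~ DOM_SOURCES || tainted.any? { |v| line =~ /\b#{Regexp.escape(v)}\b/ }
      findings << { line: n, code: line.strip } if uses_source
    end
  end
  findings
end

# Constructed sample: hash fragment flows into innerHTML via a variable.
SAMPLE_BODY = <<~HTML
  <html><body>
  <script>
    var name = decodeURIComponent(location.hash.slice(1));
    document.getElementById('greet').innerHTML = 'Hi ' + name;
    console.log('loaded');
  </script>
  </body></html>
HTML

# Constructed sample: same source, but written with textContent (no sink).
SAFE_BODY = <<~HTML
  <script>
    var q = location.search;
    document.getElementById('q').textContent = q;
  </script>
HTML

if __FILE__ == $0
  dom_xss_findings(SAMPLE_BODY).each { |f| puts "line #{f[:line]}: #{f[:code]}" }
  puts "safe page: #{dom_xss_findings(SAFE_BODY).size} findings"
end
```

Like any regex-based passive check, this only flags candidates for manual review; a reviewer still has to confirm that the source actually reaches the sink unencoded.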
More information as well as (new) video tutorials are available at the project page http://watobo.sourceforge.net