Watobo Version 0.9.7 Revision 544 available

Blackhat is a kind of place you can meet great dudes and buddies. A kind of place, you can recognize people with their badges and say : “Holy Sh…. that’s Andreas from Watobo. I use his tool in my web pentesting works”.  So today, i’ve just received a mail from Andreas about the latest Watobo version.

Andreas is a nice guy and talented hacker.

 

 

WATOBO is intended to enable security professionals to perform highly efficient (semi-automated ) web application security audits. We are convinced that the semi-automated approach is the best way to perform an accurate audit and to identify most of the vulnerabilities.

Here’s a brief summary of its features:

  • Session Management; Login scripts, logout recognition, automated relogin
  • One-Time-Token support; for testing CSRF protected functions
  • NTLM-Authentication for servers and proxies
  • Active security checks: SQLi, XSS, LFI, DirWalker, HTTP-Methods, JBoss, SAP, …
  •  Passive checks/filters: Cookie-Options, Login-Encryption, DOMXSS, …
  •  Plugins: SSLChecker, FileFinder and Catalog-Scanner
  • Fuzzer: fuzz engine, e.g. for username enumeration or collecting cookies
  • Manual Request Editor: customize and send requests
  • Differ: diffing request/response pairs

= NEWS =
There are lots of new functions/features like:

  • MasterPassword for encrypting Proxy- and WWW-Auth-Passwords
  • Hotkey-Help: Press F1 to view all Hotkeys for the focused widget – Works in ManualRequestEditor, Interceptor, ChatViewers
  • Interceptor: Intercept Filters, Editor, Hotkeys – almost complete rewrite
  • Passive Module: ‘DOM XSS’ – checks for javascript code which manipulates DOM and may be misused for XSS
  • Passive Module: ‘Detect One-Time-Tokens’ – checks for parameters which may be used to prevent CSRF-Attacks
  • ManualRequest Following Redirects Automatically (optional)
  • ManualRequest: Added Hotkeys for ‘send’ (ctrl-enter) and transcoding ctrl-[shift]-b (base64), ctrl-[shift]-u (url)
  • ManualRequest: new Transform ‘Get -> Post’
  • TableEditor: Added Hotkeys; ctrl-[shift]-b (base64), ctrl-[shift]-u (url), ctrl-enter (send request)
  • Passive Module: ‘Detect Code’ – Now also checks for ASP-Snippets
  • ConversationTable: added SSL-Icon for encrypted chats
  • TextView: added Match-Navigation for ‘Highlight’- and ‘Grep’-Filter
  • One-Time-Token-Dialog: Target chat is also visible for OTT-pattern creation.
  • WATOBO-Logo: watobo-48×48.png for nice desktop shortcuts/launchers

More informationen as well as (new) video tutorials are available at the project page http://watobo.sourceforge.net

 

 

NJ Ouchn

"Passion is needed for any great work, and for the revolution, passion and audacity are required in big doses"
Strengthening Security: ToolsWatch Welcomes Dr. Magda Lilia Chelly and Vivek Ramachandran to Black Hat Arsenal’s Board of Review

Strengthening Security: ToolsWatch Welcomes Dr. Magda Lilia Chelly and Vivek Ramachandran to Black Hat Arsenal’s Board of Review

GISEC Armory Edition 1 Dubai 2024 – Call For Tools is Open

GISEC Armory Edition 1 Dubai 2024 – Call For Tools is Open

Black Hat Arsenal 2024 Next Stop Singapore !

Black Hat Arsenal 2024 Next Stop Singapore !

ToolsWatch introducing Armory at Gisec 2024 in Dubai: A New Arena for Cybersecurity Open Source Tools Announced

ToolsWatch introducing Armory at Gisec 2024 in Dubai: A New Arena for Cybersecurity Open Source Tools Announced

Unveiling the Awesome Lineup for Black Hat MEA Arsenal 2023 in Riyadh, KSA

Unveiling the Awesome Lineup for Black Hat MEA Arsenal 2023 in Riyadh, KSA

Announcing the First Black Hat / ToolsWatch SecTor Toronto 2023 Arsenal Tools and Their Impact on the Community

Announcing the First Black Hat / ToolsWatch SecTor Toronto 2023 Arsenal Tools and Their Impact on the Community