WATOBO v0.9.9 Released

WATOBO is intended to enable security professionals to perform highly efficient (semi-automated ) web application security audits. We are convinced that the semi-automated approach is the best way to perform an accurate audit and to identify most of the vulnerabilities.


  • WATOBO has Session Management capabilities! You can define login scripts as well as logout signatures. So you don’t have to login manually each time you get logged out.
  • WATOBO can perform vulnerability checks out of the box.
  • WATOBO supports Inline De-/Encoding, so you don’t have to copy strings to a transcoder and back again. Just do it inside the request/response window with a simple mouse click.
  • WATOBO has smart filter functions, so you can find and navigate to the most interesting parts of the application easily.
  • WATOBO is written in (FX)Ruby and enables you to easiely define your own checks
  • WATOBO is free software ( licensed under the GNU General Public License Version 2)

Changelog v0.9.9


  • Time-based SQL injection module
  • New XSS module which gives a more accurate exploitability result
  • ConversationTable: values in coloumn Parameters are url-decoded
  • Added a WebCrawler Plugin based on Mechanize
  • Manual Request Editor: Url is displayed in the window title
  • Menubar items are disabled if no project is defined


  • CA Directory is now created in WATOBO working directory ‘.watobo’
  • Fixed Crash on opening client-certificate dialog
  • ConversationTable: GET and POST parameters are shown in the parameters coloumn
  • TreeView-Pane: Show full conversation list when Findings tab is selected
  • Fixed a bug in parsing post parameters
  • Also some minor bugs

Download WATOBO v0.9.9


www.artssec.com @maxisoler