Published on August 16th, 2012 | by NJ Ouchn


WATOBO v0.9.10 Released

WATOBO is intended to enable security professionals to perform highly efficient (semi-automated ) web application security audits. We are convinced that the semi-automated approach is the best way to perform an accurate audit and to identify most of the vulnerabilities.


  • WATOBO has Session Management capabilities! You can define login scripts as well as logout signatures. So you don’t have to login manually each time you get logged out.
  • WATOBO can perform vulnerability checks out of the box.
  • WATOBO supports Inline De-/Encoding, so you don’t have to copy strings to a transcoder and back again. Just do it inside the request/response window with a simple mouse click.
  • WATOBO has smart filter functions, so you can find and navigate to the most interesting parts of the application easily.
  • WATOBO is written in (FX)Ruby and enables you to easiely define your own checks
  • WATOBO is free software ( licensed under the GNU General Public License Version 2)


  • [Module] Time-based SQL injection module
  • [Module] Rated XSS which gives a more accurate exploitability result
  • [GUI] ConversationTable: values in column Parameters are url-decoded
  • [Plugin] WebCrawler – based on Mechanize
  • [GUI] Manual Request Editor: URL is displayed in the window title
  • [GUI] Menubar items are disabled if no project is defined
  • [CORE] Create SSL certificates for each target on-the-fly, now you only have to trust the internal CA once
  • [Interceptor] Rewrite/Inject Feature to Interceptor
  • [CORE] added .yml file extension for chats, findings, logs, …
  • [Plugin] SQLmap – easy to use sqlmap interface
  • [Interceptor] Transparent Proxy Feature – only available on Linux (depends on netfilter_queue)
  • [CatalogScanner] added predefined database paths
  • [CORE] general unzipping and un-chunking of server responses
  • CA Directory is now created in WATOBO working directory ‘.watobo’
  • Fixed Crash on opening client-certificate dialog
  • Improved Socket communication
  • ConversationTable: GET and POST parameters are shown in the parameters coloumn
  • TreeView-Pane: Show full conversation list when Findings tab is selected
  • Fixed a bug in parsing post parameters
  • QuickScan: double scanning each module
  • the disclaimer.chk file now is written to .watobo
  • some minor bugs


Tags: ,

About the Author

"Passion is needed for any great work, and for the revolution, passion and audacity are required in big doses"

Back to Top ↑