Blackhat Arsenal 2012 Releases : Watobo Web Application Toolbox v0.9.9.pre3
WATOBO is intended to enable security professionals to perform highly efficient (semi-automated) web application security audits. We are convinced that the semi-automated approach is the best way to perform an accurate audit and to identify most of the vulnerabilities.
WATOBO has no attack capabilities and is provided for legal vulnerability audit purposes only.
I had the honor of meeting Andreas at the last Blackhat session in 2011. I already knew the great guy, since he is Watobo's author and I had done a lot of posts about the tool. This year he was finally among us, demoing his fabulous toolkit Watobo. Besides, we spent some wonderful times at the Caesar's pub (where you can find almost all hackers during the convention; you guys know which pub I'm talking about) talking about the awesome features Andreas wanted to bring into Watobo to push it miles ahead. Needless to say, Watobo can also be used from BackTrack 5.
WATOBO works like a local proxy, similar to Webscarab, Paros or BurpSuite.
Additionally, WATOBO supports passive and active checks. Passive checks are more like filter functions: they collect useful information, e.g. email or IP addresses, from the traffic that passes through the proxy. Passive checks run during normal browsing activities, and no additional requests are sent to the (web) application.
Active checks, by contrast, send a potentially high number of additional requests (how many depends on the check module), because they perform the automated part of vulnerability identification, e.g. during a scan.
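To make the passive/active distinction concrete, here is an added Ruby illustration (WATOBO itself is written in Ruby). It is not WATOBO's own check or plugin code; the module names, the recorded-traffic structure, the regexes and the sample request/response pairs are all constructed for this example. The passive check is a pure filter over traffic that has already been recorded and never sends anything; the active check derives new requests from a recorded one, and the request count grows with the number of parameters times the number of payloads, which is why active checks are noisy.

```ruby
require 'set'

# Constructed sample of recorded traffic: request/response pairs as a local
# proxy would have captured them during normal browsing (not real data).
RECORDED = [
  { request:  { method: 'GET', url: 'http://example.test/contact?page=1', params: { 'page' => '1' } },
    response: "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n" \
              "<p>Mail us at support@example.test or ops@example.test</p>" },
  { request:  { method: 'GET', url: 'http://example.test/status?host=db1', params: { 'host' => 'db1' } },
    response: "HTTP/1.1 200 OK\r\nX-Backend: 10.0.12.7\r\n\r\n" \
              "<pre>db1 at 10.0.12.7, cache at 192.168.4.20</pre>" },
]

# Passive check: a filter over already-recorded traffic. It only reads
# responses and collects information; it never emits a request.
module PassiveInfoCheck
  EMAIL = /[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/
  # Non-capturing groups so String#scan returns whole addresses.
  IPV4  = /\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b/

  def self.run(recorded)
    emails = Set.new
    ips    = Set.new
    recorded.each do |pair|
      emails.merge(pair[:response].scan(EMAIL))
      ips.merge(pair[:response].scan(IPV4))
    end
    { emails: emails.to_a.sort, ips: ips.to_a.sort }
  end
end

# Active check: derives new requests from a recorded one by substituting each
# parameter value with each payload. Payloads here are illustrative markers,
# not a real injection wordlist.
module ActiveInjectionCheck
  PAYLOADS = ["'", "\"", "<watobo>", "../../etc/passwd"]

  def self.generate(request)
    request[:params].flat_map do |name, _value|
      PAYLOADS.map do |payload|
        mutated = request[:params].merge(name => payload)
        { method: request[:method], url: request[:url], params: mutated,
          target: name, payload: payload }
      end
    end
  end

  # The sender is injected so the example runs offline; a real check would
  # send each generated request over HTTP and inspect the response.
  def self.run(recorded, sender)
    recorded.flat_map { |pair| generate(pair[:request]) }.map { |req| sender.call(req) }
  end
end

# Offline stand-in for the network: counts how many requests the active check
# would emit for the recorded traffic (2 requests x 1 parameter x 4 payloads).
def count_sent(recorded)
  sent = 0
  ActiveInjectionCheck.run(recorded, ->(req) { sent += 1; req })
  sent
end

if __FILE__ == $PROGRAM_NAME
  p PassiveInfoCheck.run(RECORDED)
  puts "active check would send #{count_sent(RECORDED)} requests"
end
```

The passive module touches only `RECORDED`, so it can run on any saved session without the target noticing; the active module's output is a list of requests that still have to be sent, which is the part that shows up in the target's logs and needs authorization.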