WATOBO v0.9.10 Released
WATOBO is intended to enable security professionals to perform highly efficient (semi-automated) web application security audits. We are convinced that the semi-automated approach is the best way to perform an accurate audit and to identify most of the vulnerabilities.
Features
- WATOBO has Session Management capabilities! You can define login scripts as well as logout signatures, so you don’t have to log in manually each time you get logged out.
- WATOBO can perform vulnerability checks out of the box.
- WATOBO supports Inline De-/Encoding, so you don’t have to copy strings to a transcoder and back again. Just do it inside the request/response window with a simple mouse click.
- WATOBO has smart filter functions, so you can find and navigate to the most interesting parts of the application easily.
- WATOBO is written in (FX)Ruby and enables you to easily define your own checks.
- WATOBO is free software (licensed under the GNU General Public License Version 2).
Changelog
- [Module] Time-based SQL injection module
- [Module] Rated XSS which gives a more accurate exploitability result
- [GUI] ConversationTable: values in column Parameters are url-decoded
- [Plugin] WebCrawler – based on Mechanize
- [GUI] Manual Request Editor: URL is displayed in the window title
- [GUI] Menubar items are disabled if no project is defined
- [CORE] Create SSL certificates for each target on-the-fly, now you only have to trust the internal CA once
- [Interceptor] Rewrite/Inject Feature to Interceptor
- [CORE] added .yml file extension for chats, findings, logs, …
- [Plugin] SQLmap – easy to use sqlmap interface
- [Interceptor] Transparent Proxy Feature – only available on Linux (depends on netfilter_queue)
- [CatalogScanner] added predefined database paths
- [CORE] general unzipping and un-chunking of server responses
- CA Directory is now created in WATOBO working directory ‘.watobo’
- Fixed Crash on opening client-certificate dialog
- Improved Socket communication
- ConversationTable: GET and POST parameters are shown in the Parameters column
- TreeView-Pane: Show full conversation list when Findings tab is selected
- Fixed a bug in parsing post parameters
- QuickScan: double scanning each module
- The disclaimer.chk file is now written to .watobo
- some minor bugs