That said, I could not find much on how to install WebScarab. It is older, with no clear install instructions, other than here’s the zip file, install it. WebScarab is written in java, so you can run it from Terminal. I could not figure out how to put it into a launcher.
This historical page is now part of the OWASP archive.
This page contains content that is outdated and is no longer being maintained. It is provided as a courtesy for individuals who are still using these technologies. This page may contain URLs that were once valid but may now link to sites or pages that no longer exist.
Please use the newer Edition(s) like OWASP Zed Attack Proxy Project
This is not the most helpful message from the Getting Started page. Just ignore it.
- Download the zip file: Using the above link, found the zip file here. So I downloaded the zip file, but there’s no installation files nor instructions.
- Unzip it: From the downloads screen, right clicked and opened with Archive manager. Tried extracting to /opt but did not have permissions, so extracted to Desktop.
- Ant it: Got stuck. Then I found these instructions on how to get the package straight from Git. These instructions are written by Rogan Dawes, who wrote WebScarab. There is also his quickstart guide.
$ git clone git://dawes.za.net/webscarab.git
$ ant build
$ java -jar webscarab.jar
Open a Terminal and navigate to Desktop and then to the directory OWASP-WebScarab-master: The git clone went well, but I had to install ant.
$ ant build
The program ‘ant’ is currently not installed. You can install it by typing: sudo apt install ant
$ sudo apt install ant
- Run it: Did the java jar command and WebScarab displayed its logo and popped up on my screen. Yay! Keep this Terminal open, as this will tell you the status of WebScarab. If you close it so will WebScarab.
- In WebScarab, click on the proxy tab, ensure that your proxy is set to 127.0.0.1 port 8008. This is default.
- In your browser, change your proxy to the one in WebScarab. For Firefox, Preferences > Advanced > Network > Connections > settings button, change from “No Proxy” to “Manual proxy configuration”. Configure your web proxy to match the one in WebScarab, which is 127.0.0.1 port 8008 > Ok
- Back to WebScarab, click the Spider tab. Enter your URL into Allowed Domains
- In your browser, type in your domain, hit enter. you should see WebScarab start collecting data. After the page loads you can then play around with WebScarab. You should also see the Terminal change.
- There are also Youtube videos on the process.
I tried to figure out a way to make WebScarab a launcher icon, but gave up. Maybe later. Apparently you need to install gnome-panels to do this.