Ubuntu 16.04 install WebScarab


Here I am with some idle time, found a hacking article on G&M, which led me to some pretty scary hacking tools (malware creation tools) which led me to nikto which led me to WebScarab. Yes, confusing, but I am trying to stay White Hat.

That said, I could not find much on how to install WebScarab. It is older, with no clear install instructions, other than here’s the zip file, install it. WebScarab is written in Java, so you can run it from Terminal. I could not figure out how to put it into a launcher.

This historical page is now part of the OWASP archive.
This page contains content that is outdated and is no longer being maintained. It is provided as a courtesy for individuals who are still using these technologies. This page may contain URLs that were once valid but may now link to sites or pages that no longer exist.
Please use the newer Edition(s) like OWASP Zed Attack Proxy Project

This is not the most helpful message from the Getting Started page. Just ignore it.

  1. Download the zip file: Using the above link, found the zip file here. So I downloaded the zip file, but there’s no installation files nor instructions.
  2. Unzip it: From the downloads screen, right-clicked and opened with Archive Manager. Tried extracting to /opt but did not have permissions, so extracted to Desktop.
  3. Ant it: Got stuck. Then I found these instructions on how to get the package straight from Git. These instructions are written by Rogan Dawes, who wrote WebScarab. There is also his quickstart guide.

    $ git clone git://dawes.za.net/webscarab.git
    $ cd webscarab
    $ ant build
    $ java -jar webscarab.jar

    Open a Terminal and navigate to Desktop and then to the directory OWASP-WebScarab-master: The git clone went well, but I had to install ant.

    $ ant build
    The program ‘ant’ is currently not installed. You can install it by typing: sudo apt install ant
    $ sudo apt install ant

  4. Run it: Did the java jar command and WebScarab displayed its logo and popped up on my screen. Yay! Keep this Terminal open, as this will tell you the status of WebScarab. If you close it, WebScarab closes too.

So now there’s this table sitting in front of me. Huh? How do I use it? WebScarab acts as a web proxy. It sits like the man in the middle between your browser and the Internet. You need to change your web browser’s proxy to point to WebScarab, which then goes out to the wild.

  1. In WebScarab, click on the proxy tab, ensure that your proxy is set to 127.0.0.1 port 8008. This is default.
  2. In your browser, change your proxy to the one in WebScarab. For Firefox, Preferences > Advanced > Network > Connections > Settings button, change from “No Proxy” to “Manual proxy configuration”. Configure your web proxy to match the one in WebScarab, which is 127.0.0.1 port 8008 > OK.
  3. Back to WebScarab, click the Spider tab. Enter your URL into Allowed Domains.
  4. In your browser, type in your domain, hit enter. You should see WebScarab start collecting data. After the page loads you can then play around with WebScarab. You should also see the Terminal change.
  5. There are also YouTube videos on the process.
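
Since the browser now sends its traffic through the listener on 127.0.0.1 port 8008, it is worth confirming that the port is bound to loopback only and not reachable from the network. The script below is an added example, not part of the original post or of WebScarab; the function names and the sample `ss -ltn` output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): check that the WebScarab
# listener is reachable from this machine only.
PROXY_PORT=8008   # default WebScarab proxy port, as in the steps above

# Reads `ss -ltn` output on stdin and prints one of:
#   loopback - every listener on the port is bound to a loopback address
#   exposed  - at least one listener accepts connections from the network
#   down     - nothing is listening on the port
classify_listener() {
  awk -v port="$PROXY_PORT" '
    $1 == "LISTEN" {
      addr = $4
      n = split(addr, parts, ":")
      if (parts[n] != port) next
      # Strip ":port" and any IPv6 brackets to get the bound host.
      host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
      gsub(/\[|\]/, "", host)
      found = 1
      # Java can bind a dual-stack socket, shown as ::ffff:127.0.0.1.
      if (host ~ /^127\./ || host == "::1" || host ~ /^::ffff:127\./) next
      exposed = 1
    }
    END {
      if (!found) print "down"
      else if (exposed) print "exposed"
      else print "loopback"
    }'
}

# Constructed sample of `ss -ltn` output (not captured from a real host).
sample_loopback() {
  cat <<'EOF'
State   Recv-Q  Send-Q  Local Address:Port          Peer Address:Port
LISTEN  0       128     0.0.0.0:22                  0.0.0.0:*
LISTEN  0       50      [::ffff:127.0.0.1]:8008     *:*
EOF
}

# Live check: run with "--live" while WebScarab is running.
if [ "${1:-}" = "--live" ]; then
  status=$(ss -ltn | classify_listener)
  echo "WebScarab proxy port $PROXY_PORT: $status"
  [ "$status" = "loopback" ] || exit 1
else
  echo "sample: $(sample_loopback | classify_listener)"
fi
```

A result of `exposed` means other hosts on the network could send traffic through the proxy; set the listener address back to 127.0.0.1 in the Proxy tab.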

      I tried to figure out a way to make WebScarab a launcher icon, but gave up. Maybe later. Apparently you need to install gnome-panels to do this.
