WATOBO - WEB APPLICATION TOOLBOX presented at BlackHat USA 2012

by Andreas Schmidt

Tags: Security

Summary: Doing manual penetration tests on web applications is time-consuming and can be very boring or even frustrating. On the other hand, if you use an automated tool you often don't know if or how things have been checked because there's too much "Voodoo" under the hood.
Each approach has its advantages and disadvantages but the selection of tools which merge both worlds is very limited. In this presentation I will introduce WATOBO (Web Application Toolbox) which closes the gap and combines the advantages of both the manual and the automated approach to web application assessments. WATOBO works like a local proxy and analyzes the traffic on the fly for helpful information and vulnerabilities. It also has automated scanning capabilities, e.g. SQL-Injection, XSS-Checks and more. It can handle One-Time-Tokens (aka Anti-CSRF-Tokens) and has powerful session management capabilities.
WATOBO is written in (FX)Ruby and was initially released in May 2010 as an open source project on SourceForge (http://watobo.sourceforge.net).