1
The interactive HTTP proxy WebScarab – Installation
and basic use
Author: Dr. Holger Peine, Fraunhofer IESE
Holger.Peine@iese.fraunhofer.de
To actively participate in the hands-on exercises of the tutorial, you need to install the sofware
tool WebScarab on your computer. You can also follow the tutorial without this by watching
the instructor demonstrate the solution to each exercise, but remember the (alleged?) Chinese
proverb:
„I hear – and I forget; I see – and I remember; I do – and I understand!“
This text will explain in detail how to install and use WebScarab. While the explanation will
use the Windows operationg system as an example, WebScarab will also runder under Linux,
MacOS X or any other operating system supporting Java.
One more thing: Please don’t let the number of pages of this instruction intimidate you:
Everything is explained in all detail and nearly every step is illustrated by screen shots, which
of course makes the number of pages grow considerably. Nevertheless, all steps are very
common, and you should be able to complete the whole procedure in about 15-20 minutes. If
you need any help, please email the author under his address above.
Java Installation
WebScarab needs Java to execute (JRE is sufficient, JDK not necessary) in any version not
older than 1.4. Many computers will already have this installed; if this is the case with your
computer can be checked in Control Panel / Add or Remove Programs.
If you don’t have Java already installed, you can download the current JRE here:
http://java.sun.com/javase/downloads/index.jsp ; please choose „Java Runtime Environment
(JRE) 6.0 Update n“ (click „Download“); click the radiobutton “Accept License Agreement“
and choose your operating system on the resulting page (e.g. „Windows Platform - J2SE(TM)
Runtime Environment 6.0 Update n“) and choose„Windows Offline Installation, Multi-
language“ (although the online installation should work as well).
Download WebScarab
You should find the WebScarab software for download somewhere on the ACSAC pages
(probably close to description of this tutorial); if so, please download it from there, and
proceed to the installation section. If for some reason you cannot download from the ACSAC
pages, you can download WebScarab from its home page at
http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project or you can also go
to the download page directly:
http://sourceforge.net/project/showfiles.php?group_id=64424&package_id=61823 . Please
download WebScarab from this page by choosing the file webscarab-installer-20070504-
1631.jar:
评论0