Watobo/Interface

From aldeid

Global view

Menu

  • File:
    • New/Open: Create a new project / open an existing project
    • Exit: Quit the application
    • Recent Sessions: Show list of last sessions
  • Settings
    • Forwarding Proxy: configure an upstream proxy, if one is needed
    • Session Management: lists the login script, the session ID patterns and the logout signatures
    • Create Certificate: generate a certificate
    • Target Scope: define which of the detected sites are in scope
    • Scanner Settings: parameters of the active scan
    • Interceptor Settings: parameters of the interceptor (port, filters, ...)
  • Tools
    • Transcoder: encoder/decoder for various formats and hashes (Base64, URL, Hex, MD5, SHA-1)
    • Interceptor: Interceptor window
  • View
    • Logs: Show logs window
    • Dashboard: Display dashboard
    • Chat-Table: Display list of chats
  • Help
    • About: Show credits

Icons

  • Create/open a project: same as File>New
  • Launch an active scan
  • Show the dashboard: same as View>Dashboard
  • Show the chats: same as View>Chat-table
  • Open the transcoder window: same as Tools>Transcoder
  • Show the plugin board

Settings

Forwarding proxy

This screen lets you configure a forwarding proxy. You must specify:

  • proxy name
  • proxy IP
  • proxy port

Session Management

The session management window is composed of 3 tabs:

  • Login Script: shows the chats that were selected via the "Add to Login Script" entry of the contextual menu. The "Add Request" button opens the list of chats so you can pick one to add; "Remove Request" deletes the selected chat from the Login Script table.

  • Session IDs: a list of predefined patterns that help locate common session IDs (e.g. PHPSESSID).

  • Logout Signatures: a list of predefined patterns that identify logout conversations.
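The two pattern lists above are the mechanism behind the tabs. As an added illustration (this is constructed example code, not Watobo's own implementation, and the pattern lists are my assumption of what such a predefined list looks like), the Ruby below parses the Set-Cookie headers of a captured response, picks out cookies whose name matches a session ID pattern, decides whether a chat is a logout conversation, and reports the missing cookie flags that the Findings list would label "Cookie Security":

```ruby
# Constructed patterns standing in for Watobo's predefined lists; the real
# lists shipped with Watobo are not reproduced here (assumption).
SESSION_ID_PATTERNS = [
  /\APHPSESSID\z/i,            # PHP
  /\AJSESSIONID\z/i,           # Java servlet containers
  /\AASP\.NET_SessionId\z/i,   # ASP.NET
  /sess(ion)?.*id/i,           # generic catch-all, e.g. "my_session_id"
].freeze

LOGOUT_SIGNATURES = [/log-?out/i, /log-?off/i, /sign-?out/i].freeze

# Parse the Set-Cookie headers of a raw HTTP response into
# { name:, value:, attrs: } hashes (attrs = Path, HttpOnly, Secure, ...).
def set_cookies(raw_response)
  head, _body = raw_response.split(/\r?\n\r?\n/, 2)
  head.to_s.lines.map(&:chomp).select { |l| l =~ /\ASet-Cookie:/i }.map do |line|
    pair, *attrs = line.sub(/\ASet-Cookie:\s*/i, '').split(';').map(&:strip)
    name, value = pair.split('=', 2)
    { name: name.to_s, value: value.to_s, attrs: attrs }
  end
end

# Cookies whose name matches one of the session ID patterns.
def find_session_ids(raw_response)
  set_cookies(raw_response).select do |cookie|
    SESSION_ID_PATTERNS.any? { |re| cookie[:name] =~ re }
  end
end

# A chat is { request: raw_request, response: raw_response }. The signatures are
# matched against the request line and the response's Location header only:
# matching whole bodies would flag every page that merely links to a logout.
def logout_chat?(chat)
  request_line = chat[:request].to_s.lines.first.to_s
  location = chat[:response].to_s.lines.find { |l| l =~ /\ALocation:/i }.to_s
  LOGOUT_SIGNATURES.any? { |re| request_line =~ re || location =~ re }
end

# Hint for the Findings list ("Cookie Security"): session cookies missing flags.
def cookie_flag_findings(cookie)
  attrs = cookie[:attrs].map(&:downcase)
  findings = []
  findings << "#{cookie[:name]}: missing HttpOnly" unless attrs.include?('httponly')
  findings << "#{cookie[:name]}: missing Secure" unless attrs.include?('secure')
  findings
end
```

The generic pattern at the end of the list is deliberately loose; in practice it is the first thing to tune, since a false match there means the tool will start treating an ordinary cookie as the session.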

Create Certificate

This module lets you create a certificate. Fill in the following fields:

  • Host
  • Domain
  • User
  • Email

It writes the generated *.pem files to the plugins/CA/ directory.
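To show what such a dialog produces, here is an added Ruby example that builds a self-signed CA certificate from the same four fields and writes the PEM files. It is not Watobo's code: the mapping of the fields onto the certificate name, the validity period and the file names are my assumptions.

```ruby
require 'openssl'

# Build a self-signed CA certificate from the four fields the dialog asks for.
# Field-to-name mapping and validity period are assumptions for this example.
def build_ca(host:, domain:, user:, email:, key_bits: 2048, days: 365)
  key  = OpenSSL::PKey::RSA.new(key_bits)
  name = OpenSSL::X509::Name.new([
    ['CN', "#{host}.#{domain}"],
    ['O', user],
    ['emailAddress', email],
  ])

  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2                          # X.509 v3, required for extensions
  cert.serial     = OpenSSL::BN.rand(63) + 1   # random, non-zero serial
  cert.subject    = name
  cert.issuer     = name                       # self-signed: issuer == subject
  cert.public_key = key.public_key
  cert.not_before = Time.now
  cert.not_after  = cert.not_before + days * 86_400

  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = cert
  ef.issuer_certificate  = cert
  cert.add_extension(ef.create_extension('basicConstraints', 'CA:TRUE', true))
  cert.add_extension(ef.create_extension('keyUsage', 'keyCertSign, cRLSign', true))
  cert.add_extension(ef.create_extension('subjectKeyIdentifier', 'hash'))

  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  [key, cert]
end

# Write the pair as PEM files (file names assumed). The private key is what
# lets the proxy issue certificates for any site a browser trusting this CA
# visits, so it gets owner-only permissions.
def write_ca_pem(dir, key, cert)
  Dir.mkdir(dir) unless Dir.exist?(dir)
  key_path  = File.join(dir, 'ca_key.pem')
  cert_path = File.join(dir, 'ca_cert.pem')
  File.write(key_path, key.to_pem, perm: 0o600)
  File.write(cert_path, cert.to_pem)
  [key_path, cert_path]
end

# True when cert is a CA certificate whose signature verifies with its own key.
def valid_self_signed_ca?(cert)
  ca = cert.extensions.any? { |e| e.oid == 'basicConstraints' && e.value.include?('CA:TRUE') }
  ca && cert.issuer.to_s == cert.subject.to_s && cert.verify(cert.public_key)
end
```

Whatever tool generates it, a CA of this kind should only ever be imported into the test browser profile, and the key file in plugins/CA/ deserves the same care as any other private key.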

Target Scope

This screen lets you define the target scope among all the sites detected during a passive scan. Clicking the "edit..." button to the right of each target lets you:

  • define the root path of the application
  • exclude paths from the scan

These settings mainly affect the active scan.

Scanner Settings

This screen lets you define the scanner settings:

  • Request limit
  • Smart scan (limits the number of requests)
  • Passive checks
  • Non-unique parameters
  • Excluded parameters
  • Logging

Interceptor Settings

This screen lets you configure the interceptor's behaviour:

  • Listening port (default: 8081/tcp)
  • Pass-Through Content-Length (default: 100,000): responses whose Content-Length is above this threshold are not held by the interceptor but passed straight through.
  • Pass-Through Content-Types: filter on the Content-Type of responses.
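As an added example of how these two pass-through rules are applied (constructed code, not Watobo's; the setting names are mine, the default values are the ones listed above, and the content-type list is an assumed one), the Ruby below decides for a raw response whether it is shown in the interceptor window or forwarded untouched. It goes slightly beyond the description by comparing the threshold against both the declared Content-Length and the bytes actually received, so a wrong header cannot move a response to the other side of the rule:

```ruby
# Constructed settings mirroring the options above (key names assumed).
INTERCEPTOR_SETTINGS = {
  listen_port: 8081,
  pass_through_content_length: 100_000,
  # content types not worth holding in the interceptor window (assumed list)
  pass_through_content_types: [%r{\Aimage/}i, %r{\Atext/css}i, %r{javascript}i],
}.freeze

# Split a raw HTTP response into [status line, {lower-cased header => value}, body].
def parse_response(raw)
  head, body = raw.split(/\r?\n\r?\n/, 2)
  lines = head.to_s.lines.map(&:chomp)
  status = lines.shift.to_s
  headers = lines.each_with_object({}) do |line, h|
    name, value = line.split(':', 2)
    h[name.strip.downcase] = value.to_s.strip
  end
  [status, headers, body.to_s]
end

# Decide whether a response is shown in the interceptor window or passed
# straight through. Returns [:intercept | :pass_through, reason].
def intercept_decision(raw_response, settings = INTERCEPTOR_SETTINGS)
  _status, headers, body = parse_response(raw_response)

  # Use the larger of the declared and the actual length, so neither a
  # missing nor a misleading Content-Length header bypasses the rule.
  declared = headers['content-length'].to_i   # 0 when absent
  length = [declared, body.bytesize].max
  if length > settings[:pass_through_content_length]
    return [:pass_through, "length #{length} exceeds #{settings[:pass_through_content_length]}"]
  end

  ctype = headers.fetch('content-type', '')
  if settings[:pass_through_content_types].any? { |re| ctype =~ re }
    return [:pass_through, "content type #{ctype.inspect} is filtered"]
  end

  [:intercept, 'no pass-through rule matched']
end
```

Passing through is a convenience, not a security boundary: a passed-through response still reaches the browser, it is just not paused for editing.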

Findings/Sites

Findings:

This list is fed by both passive and active scans. For each scanned site it shows:

  • Vulnerabilities (Unencrypted logins, Cookie Security, Reflected XSS, ...)
  • Hints (Logins, Filename Parameter, HTTP Method, ...)
  • Info (Server Headers, Infrastructure, IP Address Disclosure, Hotspots, Email Addresses, ...)

Sites:

This list is also fed by the scans, but organizes the pages in a tree view mirroring the structure on the server.

Views

Chat table

Doc filter

This filter applies to the chat records. It lets you hide pictures, documents, JavaScript files and stylesheets from the view.

Text filter

This filter applies to the chat records. It lets you isolate a single record or a group of records matching a text string. You can specify whether the string is matched against requests and/or responses.

Options

These options apply to the list of chats:

  • autoscroll
  • unique chats: only show unique conversations
  • scope only: hide all conversations that are not in the target scope

Chat table

This shows the list of conversations (chats).

Contextual menu

This menu is accessible from any line of the chat table. It applies to the selected line and offers the following options:

  • Send To
  • Exclude from Scan
    • Chat (#): Chat identification number to exclude from the scan.
  • Copy
  • Add to Login-Script: the selected chat is added to the Login Script list (see Session Management).

Request/Response

Clicking on a chat automatically refreshes both the request and the server's response in the right panel.

Both contents are grepable, which makes for a handy search feature. A hex display is also available, as well as a tagless view (tag isolation) for the response tab.

On top of this panel, you can access the Browser View, the Fuzzer and Manual Request modules.

Dashboard

The dashboard is composed of 2 tabs:

  • Project information shows basic information about the opened project.
  • Scan information shows progress bars for all vulnerabilities probed during an active scan.

Logs

This view shows the logs generated by passive and active scans.

Tools

Browser View

The browser view lets you render the content of a request in a browser. It is accessible from the Manual Request window or from the request/response panel.

Fuzzer

The fuzzer lets you probe with various payloads and collect the server's responses. It is very valuable thanks to its complete set of payload sources: lists of values, counters, regular expressions, self-defined functions, filters, ...

The fuzzer module is accessible from the request/response panel and from the contextual menu (Send to>Fuzzer).

The structure is as follows: tag > generator > action. You first define one or more tags, associate a generator (file, counter, list) with each and, optionally, post-actions (Encode Base-64, Encode URL, Hash-MD5 or Ruby Procedure). Right-click on an element to choose the appropriate action from the contextual menu.
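The tag > generator > action pipeline is easy to misread as three separate settings, so here is an added Ruby example of the whole chain working together. It is constructed for this page and is not Watobo's fuzzer: the `%%NAME%%` tag syntax, the generator functions and the "Ruby Procedure" body are my assumptions, while the generator kinds and post-action names are the ones listed above. Every combination of the tags' values is expanded (cartesian product), which is also why request counts grow quickly with several tags:

```ruby
require 'cgi'      # CGI.escape for "Encode URL"
require 'digest'   # Digest::MD5 for "Hash-MD5"
require 'stringio' # stands in for a payload file

# --- generators: each returns the list of values a tag will take ---
def list_generator(values)
  values.map(&:to_s)
end

def counter_generator(from, to, step = 1)
  (from..to).step(step).map(&:to_s)
end

def file_generator(io)
  io.each_line.map(&:chomp).reject(&:empty?)   # one payload per line
end

# --- post-actions, applied to a generated value in the order listed ---
POST_ACTIONS = {
  'Encode Base-64' => ->(v) { [v].pack('m0') },            # strict Base64, no newlines
  'Encode URL'     => ->(v) { CGI.escape(v) },
  'Hash-MD5'       => ->(v) { Digest::MD5.hexdigest(v) },
  # "Ruby Procedure" is user-supplied; this body is a constructed stand-in
  'Ruby Procedure' => ->(v) { v.reverse },
}.freeze

# Expand a request template. Tags are written %%NAME%% (assumed syntax).
# `tags` maps a tag name to { generator: [values], actions: [post-action names] }.
# Returns one request per combination of tag values.
def fuzz(template, tags)
  return [template] if tags.empty?
  names = tags.keys
  first, *rest = names.map { |n| tags[n][:generator] }
  first.product(*rest).map do |values|
    names.zip(values).reduce(template) do |request, (name, raw)|
      value = tags[name][:actions].reduce(raw) { |v, action| POST_ACTIONS.fetch(action).call(v) }
      request.gsub("%%#{name}%%", value)
    end
  end
end
```

Post-actions compose left to right, so `['Encode URL', 'Encode Base-64']` URL-encodes first and then Base64-encodes the result; reversing the order gives a different payload, which matters when the target decodes in a specific sequence.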

For more information on how to use this module, please refer to the fuzzing example.

Manual Request

Main window

This module lets you modify an existing request and send it to the server.

Options

  • Request Options
    • Update Content-Length: automatically corrects the Content-Length header after the request has been modified
    • Update Session Information: keeps the session information up to date (useful so the session cookie carries over from one request to the next without having to log in each time)
    • Run Login: replays the requests recorded in the Login Script (see Session Management)
    • Log Chat: logs modified requests/responses in the events list
  • QuickScan Options
    • Use Original Request
    • Log Scan

Buttons:

  • History: navigate through the chat IDs
  • Transform: switches between GET and POST
  • Reset: discards any modifications and displays the original request
  • Send: sends the modified request to the server
  • Preview: sends the modifications to the request window on the right
  • QuickScan: opens the vulnerabilities window to quick-scan them.

The Manual Request module is accessible from the request/response panel or from the contextual menu (Send To>Manual Request).
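Two of the controls above, "Update Content-Length" and the "Transform" button, are simple enough to show end to end. The Ruby below is an added example written for this page, not Watobo's implementation: it parses a raw request, switches it between GET (query string) and POST (form body), and recomputes Content-Length from the actual body whenever the request is rebuilt. Header handling is case-insensitive, and a stale Content-Length left over from an edit is replaced rather than kept:

```ruby
# Parse a raw HTTP/1.x request into its parts. Headers are kept as an ordered
# array of [name, value] pairs so the rebuilt request keeps their order.
def parse_request(raw)
  head, body = raw.split(/\r?\n\r?\n/, 2)
  lines = head.to_s.lines.map(&:chomp)
  method, target, version = lines.shift.to_s.split(' ', 3)
  headers = lines.map { |l| l.split(':', 2).map(&:strip) }
  { method: method, target: target, version: version, headers: headers, body: body.to_s }
end

# Return a copy of headers with `name` replaced (case-insensitively) by `value`,
# or removed when value is nil.
def set_header(headers, name, value)
  kept = headers.reject { |k, _| k.casecmp?(name) }
  value.nil? ? kept : kept + [[name, value]]
end

# Rebuild the raw request. This is the "Update Content-Length" option: the
# header is always derived from the body's real byte size (or dropped when
# there is no body), never copied from the edited text.
def build_request(req)
  length = req[:body].empty? ? nil : req[:body].bytesize.to_s
  headers = set_header(req[:headers], 'Content-Length', length)
  lines = ["#{req[:method]} #{req[:target]} #{req[:version]}"] + headers.map { |k, v| "#{k}: #{v}" }
  lines.join("\r\n") + "\r\n\r\n" + req[:body]
end

# The "Transform" button: GET with a query string <-> POST with a form body.
# Other methods are returned unchanged.
def transform(req)
  r = req.dup
  case req[:method]
  when 'GET'
    path, query = req[:target].split('?', 2)
    r[:method] = 'POST'
    r[:target] = path
    r[:body]   = query.to_s
    r[:headers] = set_header(req[:headers], 'Content-Type', 'application/x-www-form-urlencoded')
  when 'POST'
    r[:method] = 'GET'
    r[:target] = req[:body].empty? ? req[:target] : "#{req[:target]}?#{req[:body]}"
    r[:body]   = ''
    r[:headers] = set_header(req[:headers], 'Content-Type', nil)
  end
  r
end
```

The POST-to-GET direction only makes sense for `application/x-www-form-urlencoded` bodies; a JSON or multipart body moved into a query string is not something a server will interpret the same way, which is worth remembering when reading the differ output afterwards.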

Differ tab

Once you have modified requests and sent them to the server via the Manual Request module, you can compare the results by selecting the "Differ" tab and clicking the "Diff it" button.

For more information on how to use differ, refer to this section.

Transcoder

The Transcoder module lets you encode/decode a string in various encodings and hashes:

  • Base64: useful to encode/decode HTTP Basic authentication credentials (e.g. when access is controlled via .htaccess).
  • URL: useful to encode/decode URLs containing special characters.
  • Hex: encode/decode hexadecimal strings.
  • Hash (MD5, SHA-1): compute hashes of passwords or other strings (hashing is one-way, so there is no decode direction).
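The list above maps naturally onto a small dispatch table, which is what the added Ruby example below implements (constructed for this page, not Watobo's Transcoder; the mode names and the helper that reads an Authorization header are mine). It makes the asymmetry explicit: Base64, URL and Hex have both directions, MD5 and SHA-1 only an encode direction, and malformed input to a decoder is rejected rather than silently producing garbage. The Basic-auth helper is the reason the "Unencrypted logins" finding exists: over plain HTTP the credentials are only Base64-encoded, not protected.

```ruby
require 'cgi'     # URL encoding
require 'digest'  # MD5 / SHA-1

HEX_RE = /\A(?:[0-9a-f]{2})*\z/i

# One entry per Transcoder mode. Hashes are one-way, so MD5 and SHA-1 only
# have an :encode direction.
TRANSCODERS = {
  base64: { encode: ->(s) { [s].pack('m0') },           # strict Base64, no line breaks
            decode: ->(s) { s.unpack1('m0') } },        # raises ArgumentError on bad input
  url:    { encode: ->(s) { CGI.escape(s) },
            decode: ->(s) { CGI.unescape(s) } },
  hex:    { encode: ->(s) { s.unpack1('H*') },
            decode: ->(s) {
              raise ArgumentError, 'hex input must be an even number of hex digits' unless s =~ HEX_RE
              [s].pack('H*')
            } },
  md5:    { encode: ->(s) { Digest::MD5.hexdigest(s) } },
  sha1:   { encode: ->(s) { Digest::SHA1.hexdigest(s) } },
}.freeze

# transcode(:base64, :encode, 'alice:secret') => "YWxpY2U6c2VjcmV0"
def transcode(mode, direction, input)
  ops = TRANSCODERS[mode]
  raise ArgumentError, "unknown mode #{mode.inspect}" unless ops
  op = ops[direction]
  raise ArgumentError, "#{mode} has no #{direction} direction" unless op
  op.call(input.to_s)
end

# The .htaccess use case from the list: an HTTP Basic Authorization header is
# just "Basic " + Base64("user:password"), so a captured header reads straight
# back to the credentials. Returns nil for anything that is not Basic auth.
def decode_basic_auth(header_value)
  return nil unless header_value =~ /\ABasic\s+(\S+)\z/i
  user, password = transcode(:base64, :decode, Regexp.last_match(1)).split(':', 2)
  { user: user, password: password }
end
```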

Interceptor

First and foremost, Watobo is a proxy that lets you intercept and modify requests and responses. To catch the traffic, open the Interceptor window from the menu (Tools>Interceptor).

Commands: the Requests/Responses checkboxes select which content is intercepted and displayed.

  • Accept: accept the content (original or manually modified) and send it
  • Discard: Discard changes (displays the original content)
  • Drop: Drops the request/response
