- New/Open: Create a new project / open an existing project
- Exit: Quit the application
- Recent Sessions: Show list of last sessions
- Forwarding proxy: Configure an upstream (forwarding) proxy, if one is needed
- Session Management: Show the login scripts, session IDs and logout signatures
- Create Certificate: Create a certificate (the *.pem files used by the proxy)
- Target Scope: Define which of the detected sites are in scope
- Scanner Settings: Parameters of the active scan
- Interceptor Settings: Parameters of the interceptor (port, filters, ...)
- Transcoder: Encode/decode or hash a string (URL, Hex, MD5, SHA-1)
- Interceptor: Interceptor window
- Logs: Show logs window
- Dashboard: Display dashboard
- Chat-Table: Display list of chats
- About: Show credits
- Same as File>New (create/open a project)
- Launch an active scan
- Same as View>Dashboard (show the dashboard)
- Same as View>Chat-table (show the chats)
- Same as Tools>Transcoder (open the transcoder window)
- Show the plugin board
This screen configures the forwarding (upstream) proxy. You must specify:
The session management window is composed of 3 tabs:
This module creates a certificate. Fill in the following fields:
It generates the *.pem files in the plugins/CA/ directory.
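The page does not list the form's fields, but the output it describes (PEM files under plugins/CA/) is what an intercepting proxy needs: a CA key and certificate it can use to issue per-site certificates. The following is an added example, not WATOBO's own code, of generating such a self-signed CA with Ruby's OpenSSL binding and writing it out as PEM. The subject fields, validity period, key size and the file names ca.key / ca.pem are assumptions.

```ruby
require 'openssl'
require 'tmpdir'

# Added example (not WATOBO's own code): generate a self-signed CA key and
# certificate and write them out as PEM files, as an intercepting proxy needs
# in order to issue per-site certificates. Subject fields, validity, key size
# and output file names are assumptions; the page does not list the form's fields.
def generate_ca(common_name:, org: 'Example', days: 365, bits: 2048)
  key = OpenSSL::PKey::RSA.new(bits)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2                                   # X.509 v3
  cert.serial = OpenSSL::BN.rand(64)                 # random serial number
  cert.subject = OpenSSL::X509::Name.parse("/O=#{org}/CN=#{common_name}")
  cert.issuer = cert.subject                         # self-signed
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = cert.not_before + days * 86_400

  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = cert
  ef.issuer_certificate = cert
  # Mark it as a CA that may only sign certificates and CRLs
  cert.add_extension(ef.create_extension('basicConstraints', 'CA:TRUE', true))
  cert.add_extension(ef.create_extension('keyUsage', 'keyCertSign, cRLSign', true))
  cert.add_extension(ef.create_extension('subjectKeyIdentifier', 'hash'))
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  [key, cert]
end

# Write ca.key (keep it private) and ca.pem (import into the browser) into dir;
# returns the two paths.
def write_pem(dir, key, cert)
  paths = { key: File.join(dir, 'ca.key'), cert: File.join(dir, 'ca.pem') }
  File.write(paths[:key], key.to_pem, perm: 0o600)
  File.write(paths[:cert], cert.to_pem)
  paths
end

if __FILE__ == $PROGRAM_NAME
  key, cert = generate_ca(common_name: 'WATOBO Example CA')
  puts write_pem(Dir.mktmpdir, key, cert).values
end
```

The private key is written with mode 0600: anyone holding it can mint certificates that every browser trusting ca.pem will accept, so it must never leave the machine running the proxy.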
This screen defines the target scope from the sites detected during a passive scan. Clicking the "edit..." button to the right of each target lets you:
These settings will mainly impact the active scan.
This screen defines the scanner settings:
This screen configures the interceptor behaviour:
This list is also fed by scans, but organizes pages in a tree view mirroring the directory structure on the server.
This filter applies to chat records. It isolates a single record or a group of records matching a text string. You can specify whether the string is matched against requests and/or responses.
These options apply to the list of chats:
This shows the list of conversations (chats).
This menu is accessible from any line of the chat table. It applies to the selected line and shows the following options:
- Send To
- Exclude from Scan
- Chat (#): Chat identification number to exclude from the scan.
- URL: Copies the entire selected URL with parameters (e.g. http://localhost/foo/bar/index.php?p1=1&p2=2)
- Site: Only copies the domain name (e.g. localhost)
- Add to Login-Script: Selected chat will be added to the Login-Scripts list (see Session management).
Clicking a chat automatically refreshes both the request and the server's response in the right panel.
Both are grepable, which provides a convenient search feature. A hex display is also available, as well as a tagless view (tag isolation) for the response tab.
The dashboard is composed of 2 tabs:
This view shows the logs generated by passive and active scans.
The fuzzer sends a range of payloads to the server and collects the responses. It is particularly valuable because of its complete set of payload sources: lists of values, counters, regular expressions, self-defined functions, filters...
The structure is as follows: tag > generator > action. You first define one or more tags, associate a generator with each (file, counter, list) and optionally post-actions (Encode Base-64, Encode URL, Hash-MD5 or Ruby Procedure). Right-click on an element to choose the appropriate action from the contextual menu.
For more information on how to use this module, please refer to the fuzzing example.
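To make the tag > generator > action structure concrete, here is an added example (not WATOBO's own code) of a minimal fuzzing pipeline in Ruby, the language WATOBO is written in. The %%NAME%% tag syntax, the generator and action names, the filter and the sample request line are assumptions for this illustration; WATOBO's own tag format may differ. It goes slightly beyond the text by showing the cartesian product of several tags and a per-tag filter.

```ruby
require 'base64'
require 'cgi'
require 'digest'

# Added example (not WATOBO's own code): a minimal tag > generator > action
# fuzzing pipeline. The %%NAME%% tag syntax, generator and action names and
# the sample template are assumptions made for this illustration.

# Generators: each returns an array of candidate values for one tag.
module Generators
  # Explicit list of values
  def self.list(values)
    values
  end

  # Numeric counter from `from` to `to`, rendered as strings
  def self.counter(from, to, step = 1)
    from.step(to, step).map(&:to_s)
  end

  # One value per line of a wordlist file, blank lines skipped
  def self.file(path)
    File.readlines(path, chomp: true).reject(&:empty?)
  end
end

# Built-in post-actions; a "Ruby procedure" action is simply any lambda you
# supply yourself (see the SIG tag in demo_requests).
ACTIONS = {
  'base64' => ->(v) { Base64.strict_encode64(v) },
  'url'    => ->(v) { CGI.escape(v) },
  'md5'    => ->(v) { Digest::MD5.hexdigest(v) }
}.freeze

# A tag names a placeholder in the template, the generator values that fill it,
# the post-actions applied in order, and an optional filter that drops values
# before the actions run.
Tag = Struct.new(:name, :values, :actions, :filter) do
  def payloads
    kept = filter ? values.select(&filter) : values
    kept.map { |v| actions.reduce(v) { |acc, action| action.call(acc) } }
  end
end

# Expand a template into one request per combination of tag payloads
# (cartesian product). With no tags the template is returned unchanged.
# The block form of gsub is used so that backslashes in a payload are not
# interpreted as back-references.
def expand(template, tags)
  return [template] if tags.empty?
  first, *rest = tags.map(&:payloads)
  first.product(*rest).map do |combo|
    tags.each_with_index.reduce(template) do |req, (tag, i)|
      req.gsub("%%#{tag.name}%%") { combo[i] }
    end
  end
end

# Constructed sample: three tags on one request line
SAMPLE_TEMPLATE = 'GET /search?q=%%USER%%&id=%%ID%%&sig=%%SIG%% HTTP/1.1'

def demo_requests
  tags = [
    Tag.new('USER', Generators.list(['admin', 'a b']), [ACTIONS['url']]),
    Tag.new('ID', Generators.counter(1, 4), [], ->(v) { v.to_i.odd? }),            # filter: odd IDs only
    Tag.new('SIG', Generators.list(['secret']), [ACTIONS['md5'], ->(v) { v[0, 8] }]) # MD5, then a Ruby procedure
  ]
  expand(SAMPLE_TEMPLATE, tags)
end

puts demo_requests if __FILE__ == $PROGRAM_NAME
```

Running it prints four request lines (2 users x 2 odd IDs x 1 signature). Sending them and diffing the responses is what the Differ tab described further down is for.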
This module transforms an existing request and sends it to the server.
- Request Options
- Update Content-Length: Recomputes the Content-Length header after the request has been edited
- Update Session Information: Carries the session information (e.g. the session cookie) forward from one request to the next, so you do not have to log in each time
- Run Login: Replays the request(s) recorded in the Login Script (see Session Management)
- Log Chat: Logs transformed requests/responses in the events list
- QuickScan Options
- Use Original Request
- Log Scan
- History: Navigate through chat IDs
- Transform: Switches the request between GET and POST
- Reset: Discards any transformations and displays the original request
- Send: Sends the transformed request to the server
- Preview: Sends the transformations to the request window on the right
- QuickScan: Opens the vulnerabilities window to run a quick scan against the request.
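The three transformations that matter most when editing a request by hand (Transform, Update Content-Length and Update Session Information) are easy to get wrong: a stale Content-Length makes the server read too few or too many bytes, and a stale session cookie sends you back to the login page. The following is an added example, not WATOBO's own code, that performs them on a raw HTTP message. The sample request and response are constructed, header names are matched case-insensitively, and the request is assumed to carry its parameters either in the query string or in a form-encoded body, not both.

```ruby
require 'uri'

# Added example (not WATOBO's own code): what the Manual Request options do on
# a raw HTTP message. Transform switches GET <-> POST, Update Content-Length
# recomputes the header, Update Session Information merges Set-Cookie values
# from the last response into the next request's Cookie header.
# The sample request/response below are constructed for this illustration.

Request = Struct.new(:verb, :path, :version, :headers, :body)

# Parse a raw request with CRLF or LF line endings. Every header line is
# assumed to contain a colon.
def parse_request(raw)
  head, body = raw.split(/\r?\n\r?\n/, 2)
  lines = head.split(/\r?\n/)
  verb, path, version = lines.shift.split(' ', 3)
  headers = lines.map { |l| l.split(/:\s*/, 2) }.to_h
  Request.new(verb, path, version, headers, body.to_s)
end

# Case-insensitive header lookup; returns the [name, value] pair or nil
def header(req, name)
  req.headers.find { |k, _| k.casecmp?(name) }
end

def set_header(req, name, value)
  existing = header(req, name)
  req.headers[existing ? existing[0] : name] = value
end

def delete_header(req, name)
  existing = header(req, name)
  req.headers.delete(existing[0]) if existing
end

# Update Content-Length: recompute from the body in bytes (not characters),
# or drop the header when there is no body.
def update_content_length(req)
  if req.body.empty?
    delete_header(req, 'Content-Length')
  else
    set_header(req, 'Content-Length', req.body.bytesize.to_s)
  end
  req
end

# Transform: move the parameters between the query string and a form body
def transform(req)
  case req.verb
  when 'GET'
    uri = URI.parse(req.path)           # origin-form "/path?query"
    req.verb = 'POST'
    req.path = uri.path
    req.body = uri.query.to_s
    set_header(req, 'Content-Type', 'application/x-www-form-urlencoded')
  when 'POST'
    req.verb = 'GET'
    req.path = "#{req.path}?#{req.body}" unless req.body.empty?
    req.body = ''
    delete_header(req, 'Content-Type')
  end
  update_content_length(req)
end

# Update Session Information: merge every Set-Cookie of the raw response into
# the request's Cookie header, newer values overriding older ones.
def update_session(req, raw_response)
  head = raw_response.split(/\r?\n\r?\n/, 2).first
  fresh = head.scan(/^Set-Cookie:\s*([^=\s]+)=([^;\r\n]*)/i).to_h
  return req if fresh.empty?
  current = header(req, 'Cookie')
  jar = (current ? current[1] : '').split(/;\s*/).reject(&:empty?).map { |c| c.split('=', 2) }.to_h
  jar.merge!(fresh)
  set_header(req, 'Cookie', jar.map { |k, v| "#{k}=#{v}" }.join('; '))
  req
end

def serialize(req)
  lines = ["#{req.verb} #{req.path} #{req.version}"]
  req.headers.each { |k, v| lines << "#{k}: #{v}" }
  "#{lines.join("\r\n")}\r\n\r\n#{req.body}"
end

# Constructed sample: a GET with two parameters, and a response setting a session cookie
SAMPLE_REQUEST  = "GET /index.php?p1=1&p2=2 HTTP/1.1\r\nHost: localhost\r\nCookie: lang=en\r\n\r\n"
SAMPLE_RESPONSE = "HTTP/1.1 200 OK\r\nSet-Cookie: PHPSESSID=abc123; Path=/; HttpOnly\r\nContent-Length: 2\r\n\r\nok"

def demo
  req = parse_request(SAMPLE_REQUEST)
  transform(req)                        # GET -> POST, Content-Length: 9 added
  update_session(req, SAMPLE_RESPONSE)  # Cookie: lang=en; PHPSESSID=abc123
  serialize(req)
end

puts demo if __FILE__ == $PROGRAM_NAME
```

Applying transform twice round-trips the request: the second call moves the body back into the query string and removes Content-Length and Content-Type again.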
Once you have transformed a request and sent it to the server via the Manual Request module, you can compare the results by selecting the "Differ" tab and clicking the "Diff it" button.
For more information on how to use differ, refer to this section.
The Transcoder module encodes, decodes or hashes a string in various formats:
First and foremost, WATOBO is a proxy that intercepts and modifies requests and responses. To catch the traffic, open the interceptor window from the menu (Tools>Interceptor).
Commands: the Requests/Responses checkboxes select which content is intercepted and displayed.