From aldeid
Jump to navigation Jump to search

Global view



  • File:
    • New/Open: Create a new project / open an existing project
    • Exit: Quit the application
    • Recent Sessions: Show list of last sessions
  • Settings
    • Forwarding proxy: Enables to parameterize eventual proxy settings
    • Session Management: Show list of login script, session IDs and logout signature
    • Create Certificate: Enable to create a certificate
    • Target Scope:
    • Scanner Settings: Parameters of the active scan
    • Interceptor Settings: Parameters of the interceptor (port, filters, ...)
  • Tools
    • Transcoder: Transcoder for various hashes (URL, MD5, Hex, MD5, SHA-1)
    • Interceptor: Interceptor window
  • View
    • Logs: Show logs window
    • Dashboard: Display dashboard
    • Chat-Table: Display list of chats
  • Help
    • About: Show credits


Icon-newprojects.png Same as File>New (create/open a project)
Icon-scan.png Launch an active scan
Icon-dashboard.png Same as View>Dashboard (Show the dashboard)
Icon-chats.png Same as View>Chat-table (Show the chats)
Icon-transcoder.png Same as Tools>Transcoder (Open the transcoder window)
Icon-plugins.png Show the plugin board


Forwarding proxy


This screen enables to configure a proxy. You must specify:

  • proxy name
  • proxy IP
  • proxy port

Session Management

The session management window is composed of 3 tabs:

  • Login Script: shows the list of chats selected via the "Add to Login Script" entry from the contextual menu. By clicking on the "Add Request" button, you access the list of chats to select a chat to add, and by clicking on "Remove Request", it removes the selected chat from the Login Script table.


  • Session IDs: Shows a list of predefined patterns to facilitate research of common session IDs (e.g. PHPSESSID).


  • Logout Signatures: List of predefined patterns to identify logout conversations.


Create Certificate

This module enables to create a certificate. Fill in following fields:

  • Host
  • Domain
  • User
  • Email

It generates the *.pem files in the plugins/CA/ directory


Target Scope

This screen enables to define the target scope among all detected sites during a passive scan. By clicking on the "edit..." button on the right of each target, it is possible to:

  • define the root path of the application
  • to exclude paths from the scan

These settings will mainly impact the active scan.



Scanner Settings

This screen enables to define the scanner settings:

  • Request limit
  • Smart scan (limits the number of requests)
  • Passive checks
  • Non-unique parameters
  • Excluded parameters
  • Logging



Interceptor Settings

This screen enables to parameterize the interceptor behavior:

  • Listening port (default: 8081/tcp)
  • Pass-Through Content-Length. Default value=100,000. Defines threshold to reject responses which Content-Length is higher than this threshold.
  • Pass-Through Content-Types: Filter on Content-Type of responses.




This list is fed by both passive and active scans. It shows, for each scanned site:

  • Vulnerabilities (Unencrypted logins, Cookie Security, Reflected XSS, ...)
  • Hints (Logins, Filename Parameter, HTTP Method, ...)
  • Info (Server Headers, Infrastructure, IP Address Disclosure, Hotspots, Email Addresses, ...)


This list is also fed by scans, but organizes pages with a treeview corresponding to the one on the server.




Chat table

Doc filter

This filter applies on the chat records. It enables to hide pictures, documents, javascripts and stylesheets from the view.


Text filter

This filter applies on chat records. It enables to isolate a unique or a group of specific records with a text string. It is possible to specify if the string applies to requests and/or responses.



This enables to define options that apply to the list of chats:

  • autoscroll
  • unique chats: only show unique conversations
  • scope only: hide all conversations that are not in the target scope


Chat table

This show the list of conversations (chats).


Contextual menu


This menu is accessible from any line of the chat table. It applies on the selected line and shows following options:

  • Send To
  • Exclude from Scan
    • Chat (#): Chat identification number to exclude from the scan.
  • Copy
  • Add to Login-Script: Selected chat will be added to the Login-Scripts list (see Session management).


By clicking on a chat, it automatically refreshes both the request and the response of the server in the right panel.

Both contents are grepable, wich offers a nice search feature. Hex display is also available, as well as a tagless view (tag isolation) for the response tab.

On top of this panel, you can access the Browser View, the Fuzzer and Manual Request modules.



The dashboard is composed of 2 tabs:

  • Project information shows basic information about opened project.
  • Scan information shows progress bars of all probed vulnerabilities during an active scan.




This view shows the logs generated by passive and active scans.



Browser View

The browser view enables to send the content of a request in the browser. It is accessible from the manual request window or from the request/response panel.




The fuzzer enables to probe various payloads and get the responses from the server. The fuzzer is very valuable thanks to the complete set of payloads: list of values, counter, regular expressions, self-defined functions, filters...

The fuzzer module is accessible from the request/response panel and from the contextual menu (Send to>Fuzzer).

The structure is as follows: tag > generator > action. You first define tag(s), associate a generator (file, counter, list) and eventual post-actions (Encode Base-64, Encode URL, Hash-MD5 or Ruby Procedure). Right click on an element to choose appropriate action from the contextual menu.

For more information on how to use this module, please refer to the fuzzing example.



Watobo-fuzzer-tag.png Watobo-fuzzer-generator.png Watobo-fuzzer-action.png

Manual Request

Main window


This module enables to transform an existing request and to send it to the server.


  • Request Options
    • Update Content-Length: Automatically corrects Content-Length following transformations made on the request
    • Update Session Information: Enables to update the sessions (useful to keep session cookie updated from one request to another for not having to login each time)
    • Run Login: Plays request identified in the Login Script (see Session Management)
    • Log Chat: Logs transformed requests/responses in the events list
  • QuickScan Options
    • Use Original Request
    • Log Scan


  • History: Navigate through chats IDs
  • Transform: Switches GET and POST
  • Reset: Cancels eventual transformations and displays original request
  • Send: Sends transformed request to the server
  • Preview: Sends transformations to the request window on the right
  • QuickScan: Opens up the vulnerabilities window to quick scan them.

The Manual Request module is accessible from the request/response panel or from the contextual menu (Send To>Manual Request)

Differ tab

Once you have transformed requests and sent it to the server via the Manual Request module, you can compare the results by selecting the "Differ" tab and by clicking on the "Diff it" button.



For more information on how to use differ, refer to this section.


The Transcoder module enables to encode/decode a string in various hashes:

  • Base64: useful to encode/decode basic web authentication based on .htaccess.
  • URL: useful to encode/decode URL containing special characters
  • Hex: encode/decode hexadecimal strings
  • Hash (MD5, SHA-1): encode/decode passwords



Before anything, Watobo is a proxy that enables to intercept/modify requests and responses. To catch the content, activate the window from the menu (Tools>Interceptor).

Commands: Requests/Responses checkboxes enable to precise the content to intercepted/displayed

  • Accept: Accept the content (orginal or manually transformed) and send it
  • Discard: Discard changes (displays the original content)
  • Drop: Drops the request/response