WebScarab

WebScarab is a web security application testing tool. It serves as a proxy that intercepts and allows people to alter web browser web requests (both HTTP and HTTPS) and web server replies. WebScarab also may record traffic for further review.^[1]

WebScarab
Screenshot of WebScarab
Developer	The Open Web Application Security Project
Repository	github.com/OWASP/OWASP-WebScarab
Written in	Java
Successor	Zed Attack Proxy
Type	Web security testing tool
License	GPLv2
Website	WebScarab

In 2013 official development of WebScarab slowed. The project repository was archived on 4 April 2024.^[2] The website of the project was also archived and recommends using OWASP's Zed Attack Proxy instead.^[3]

Overview

WebScarab is an open source tool developed by The Open Web Application Security Project (OWASP), and was implemented in Java so it could run across multiple operating systems.^[4]

WebScarab is meant to act as a framework, being extensible and with most features being implemented as plugins.^[3]

Features

Some of the features provided by plugins include: ^[3]

• An intercepting proxy server
• Executing Java commands with BeanShell
• Emulating a slower network
• Acting as a web crawler
• Fuzzing request parameters
• Cross-site scripting analysis