WATOBO - THE Web Application Toolbox

WATOBO is a security tool for web applications. WATOBO is intended to enable security professionals to perform efficient (semi-automated) web application security audits.

Most important features:

Installation

Please install Ruby 1.9.2+ first before you continue.

Note: Ruby 1.8 is no longer supported!

Note: WATOBO will not run under Ruby 1.8 anymore!

Note: Please upgrade Ruby to 1.9.2+, because WATOBO will not run under Ruby 1.8!

Note: Ruby 1.8 is crap, so get rid of it!

… just want to be sure ;)

Windows 7/Vista/XP

gem install watobo

BackTrack 5

gem install selenium-webdriver
gem install watobo

Generic Linux (with APT)

Based on Lyle Johnsons tutorial github.com/lylejohnson/fxruby/wiki/Setting-Up-a-Linux-Build-Environment

apt-get -y install ruby-full
apt-get -y install install zlib1g-dev libbz2-dev libpng12-dev libjpeg62-dev libtiff4-dev
apt-get -y install zlib1g-dev libbz2-dev libpng12-dev libjpeg62-dev libtiff4-dev
apt-get -y install libx11-dev libglu1-xorg-dev libxcursor-dev libxext-dev libxrandr-dev libxft2-dev
apt-get -y install g++

Use version 1.6.44 only. The 1.7 branch is incompatible with fxruby! You can download it from the fox-tookit homepage www.fox-toolkit.org/

wget http://ftp.fox-toolkit.org/pub/fox-1.6.44.tar.gz
tar xzvf fox-1.6.44.tar.gz
cd fox-1.6.44
./configure
make
make install
cd ..

First install the selenium-webdriver gem which is necessary on xnix platforms for the browser preview feature of watobo.

gem install selenium-webdriver

Finally install the watobo gem.

gem install watobo

Usage

In your command prompt start WATOBO with the command:

watobo_gui.rb

After starting WATOBO the interception proxy is listening on localhost:8081.

Configure your browser to use WATOBO as its proxy and visit the site you want to audit.

Documentation

Check the online (video) tutorials at watobo.sourceforge.net

Tips & Tricks