Update Watobo v-0.9.9

New features since version 0.9.8:

  • Ruby 1.9 Support – no more 1.8 don’t even try it 😉
  • WATOBO available as a Gem
  • Reorganisation of WATOBO settings files.
  • Reorganisation of WATOBO project.
  • Introduced Framework capabilities
  • Changed version numbering for Gem compatibility
  • SSLChecker-Plugin: nicer GUI; you can now scan a site that is not already in the conversation list
  • Conversation-Table: better search features, e.g. URL, Request or Response
  • Chat-Viewer: added a ‘save’-button to save the response’s body to a file, e.g. save a flash file for further investigations
  • Scanner: now follows 302-redirects – this option is only available via QuickScan
  • GUI: purging (multiple) findings is possible via FindingsTree
Fixes :
  • lib/mixin/request_parser.rb: fixed file handling
  • fixed pattern for detecting file upload fields
  • optimized “tagless” view
  • optimized lots of threading stuff, e.g. progress bars, log-windows, …
  • lib/qGui: changed progress_window

WATOBO is intended to enable security professionals to perform highly efficient (semi-automated) web application security audits. We are convinced that the semi-automated approach is the best way to perform an accurate audit and to identify most of the vulnerabilities.
WATOBO has no attack capabilities and is provided for legal vulnerability audit purposes only.

Most important features:

  • WATOBO has Session Management capabilities! You can define login scripts as well as logout signatures. So you don’t have to login manually each time you get logged out.
  • WATOBO can perform vulnerability checks out of the box.
  • WATOBO supports Inline De-/Encoding, so you don’t have to copy strings to a transcoder and back again. Just do it inside the request/response window with a simple mouse click.
  • WATOBO has smart filter functions, so you can find and navigate to the most interesting parts of the application easily.
  • WATOBO is written in (FX)Ruby and enables you to easily define your own checks
  • WATOBO is free software (licensed under the GNU General Public License Version 2)
  • It’s by siberas 😉
  • Please install Ruby 1.9.2+ first before you continue.
  • Note: Ruby 1.8 is no longer supported!
  • Note: WATOBO will not run under Ruby 1.8 anymore!
  • Note: Please upgrade Ruby to 1.9.2+, because WATOBO will not run under Ruby 1.8!
  • Note: Ruby 1.8 is crap, so get rid of it! … just want to be sure 😉

Windows 7/Vista/XP Video Installation: http://watobo.sourceforge.net/Videos/watobo-windows-installation/watobo-windows-installation.html

gem install watobo
BackTrack 5 Video Installation: http://watobo.sourceforge.net/Videos/install_bt5/WATOBO-Install_BT5.html

gem install selenium-webdriver
gem install watobo
Generic Linux (with APT)

Install Ruby via RVM
Setting up a build environment for Linux
Based on Lyle Johnson's tutorial: github.com/lylejohnson/fxruby/wiki/Setting-Up-a-Linux-Build-Environment

apt-get -y install ruby-full
apt-get -y install zlib1g-dev libbz2-dev libpng12-dev libjpeg62-dev libtiff4-dev
apt-get -y install libx11-dev libglu1-xorg-dev libxcursor-dev libxext-dev libxrandr-dev libxft2-dev
apt-get -y install g++
Install the Fox-Toolkit libs
Use version 1.6.44 only. The 1.7 branch is incompatible with fxruby! You can download it from the fox-toolkit homepage www.fox-toolkit.org/

wget http://ftp.fox-toolkit.org/pub/fox-1.6.44.tar.gz
tar xzvf fox-1.6.44.tar.gz
cd fox-1.6.44
./configure
make
make install
cd ..
Install the Gems
First install the selenium-webdriver gem, which is necessary on *nix platforms for WATOBO's browser preview feature.

gem install selenium-webdriver
Finally install the watobo gem.

gem install watobo


In your command prompt start WATOBO with the command:
After starting WATOBO the interception proxy is listening on localhost:8081.

Configure your browser to use WATOBO as its proxy and visit the site you want to audit.

Download : watobo-0.9.9.pre1.gem (546.8 kB)
Our Post Before : http://www.seclist.us/2012/06/watobo-v-098-released-web-application.html