If you’ve been following our series on Web Application Security Auditing then you know that we’re fans of WebScarab from OWASP.  I’m also a pretty big fan of the Burp Suite, but today I want to tell you about a feature that you may not have used in WebScarab that can make your life easier.

When you’re performing testing, especially fuzzing, you may want to answer a few questions without having to personally look at thousands of pages that have been collected by the fuzzer.  For instance, perhaps I’d like to automatically identify any queries that resulted in SQL errors or perhaps I’d like to find any and all conversations that include HTML comments.  It turns out that this is pretty easy.

If you have a look on the far right hand side you’ll find a tab labeled “Search.”  The Search tab allows you to add custom searches easily, but the interface may not be what you expect.  Rather than entering keywords to look for, you actually have to add JavaBean code.  Have no fear!  While these can be complicated, there’s a super simple recipe that can be used to do quick searches easily!  The recipe is:

new String(response.getContent()).indexOf("SQL") > -1

That’s it!  Let me explain what this does.  response.getContent() gets the content returned in the response.  Wrapping it in new String(...) turns that content into a string.  indexOf("SQL") then searches through that string for the keyword “SQL” and returns the offset where it first appears in the response.  If that offset is zero or higher then “SQL” appears in the response.  If the result is -1 then the string is not in the response.  You’re done!

With this in place, WebScarab will automatically filter all of the conversations/requests that have occurred and display only those that match this condition.  Voila!
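Here, as an added example that is not from the original post or from WebScarab itself, is the recipe above along with the HTML comment search mentioned earlier and a case-insensitive variant for common database error strings, wrapped in a small Java harness that plays the role of the Search tab.  The Response class is an assumed stand-in for the response object WebScarab exposes to the expression, and the sample bodies are constructed.

```java
import java.nio.charset.StandardCharsets;
import java.util.List;

public class SearchRecipes {
    // Assumed stand-in for WebScarab's response object: the Search tab expression
    // only relies on getContent() returning the body as a byte array.
    static class Response {
        private final byte[] content;
        Response(String body) { this.content = body.getBytes(StandardCharsets.UTF_8); }
        byte[] getContent() { return content; }
    }

    // The recipe from the post: does the response body contain "SQL" anywhere?
    static boolean mentionsSql(Response response) {
        return new String(response.getContent()).indexOf("SQL") > -1;
    }

    // Same recipe applied to the other question in the post: HTML comments.
    static boolean hasHtmlComment(Response response) {
        return new String(response.getContent()).indexOf("<!--") > -1;
    }

    // Variation: lower-case the body first so the match is case-insensitive,
    // then look for a few well-known database error fragments.
    static boolean looksLikeDbError(Response response) {
        String body = new String(response.getContent()).toLowerCase();
        return body.indexOf("sql syntax") > -1
                || body.indexOf("odbc") > -1
                || body.indexOf("ora-") > -1;
    }

    public static void main(String[] args) {
        // Constructed sample bodies standing in for conversations a fuzzer collected.
        List<Response> conversations = List.of(
                new Response("<html><body>Welcome back</body></html>"),
                new Response("<html><!-- TODO remove debug form --><body>ok</body></html>"),
                new Response("You have an error in your SQL syntax near ''"),
                new Response("Warning: odbc_exec(): [Microsoft][ODBC SQL Server Driver]"));
        // Like the Search tab, print only the conversations that satisfy a condition.
        for (int id = 0; id < conversations.size(); id++) {
            Response r = conversations.get(id);
            if (mentionsSql(r) || hasHtmlComment(r) || looksLikeDbError(r)) {
                System.out.printf("conversation %d: sql=%b comment=%b dberror=%b%n",
                        id, mentionsSql(r), hasHtmlComment(r), looksLikeDbError(r));
            }
        }
    }
}
```

Each static method body is exactly what you would paste into the Search tab; the harness just evaluates it over several responses at once.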
