OWASP’s WebScarab is a Java-based web proxy. We use it quite a bit in our web application security assessments and training classes. It also comes in handy as a debugging tool when building web applications.
This weekend I was having problems with a misconfigured off-the-shelf web application that was rendering URLs incorrectly on the server side. It was sending back bad URLs for the included images and stylesheets, causing the pages to render incorrectly and basically making the site unusable. If I had all sorts of time on my hands, perhaps I would do something like “go and find the root cause and actually fix the underlying problem.” Since I’m kind of lazy and was in a bit of a time crunch, I decided to just write a quick script in WebScarab to rewrite the URLs on the client side. That way the request URLs get changed before they reach the server side, the server sends back the proper resources, and the site works like it should.
I didn’t want to rewrite all of the request URLs because the ones for dynamic content were being rendered correctly. I only wanted to modify the ones for static HTML/image/stylesheets. So… if the server tells the browser to request:
/cgi-bin/cgi.exe/application/html/images/logo.gif
what I actually want to request is:
/html/images/logo.gif
Below is the code I used. To make it work you should just have to set the stringToFind and stringToReplace variables.
/* Please read the JavaDoc and/or the source to understand what methods are available */
import org.owasp.webscarab.model.Request;
import org.owasp.webscarab.model.Response;
import org.owasp.webscarab.httpclient.HTTPClient;
import org.owasp.webscarab.model.HttpUrl;
import java.io.IOException;

public Response fetchResponse(HTTPClient nextPlugin, Request request) throws IOException {
    // TODO - Update these strings for the desired replacement
    // stringToFind marks the URLs to rewrite; stringToReplace is the leading
    // part of that match that gets cut out of the URL.
    String stringToFind = "/cgi-bin/cgi.exe/application/html";
    String stringToReplace = "/cgi-bin/cgi.exe/application";

    // Check the URL object itself before calling toString() on it
    HttpUrl url = request.getURL();
    if (url != null) {
        String originalUrl = url.toString();
        int startIndex = originalUrl.indexOf(stringToFind);
        if (startIndex >= 0) {
            // Keep everything before the match, drop stringToReplace, keep the rest
            String newUrlStart = originalUrl.substring(0, startIndex);
            String newUrlEnd = originalUrl.substring(startIndex + stringToReplace.length());
            String newUrl = newUrlStart + newUrlEnd;
            request.setURL(new HttpUrl(newUrl));
        } else {
            // No need to rewrite the URL
        }
    }
    // Pass the (possibly rewritten) request on to the next plugin in the chain
    Response response = nextPlugin.fetchResponse(request);
    return response;
}
This code gets placed in the Proxy -> Bean Shell tab and you click Commit to enable it. Worked like a champ.
Contact us for help getting the most out of OWASP tools.
–Dan
dan _at_ denimgroup.com
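The script above matches stringToFind anywhere in the full URL string, so a dynamic request that happens to carry that text in its query string would be rewritten too. The following stand-alone Java sketch is an added example, not code from the original post or from WebScarab: it applies the same rewrite only when the URL's path begins with the bad prefix and leaves the query string untouched. The class name, constant names and sample URLs are assumptions made for illustration.

```java
import java.net.URI;
import java.net.URISyntaxException;

// Added example, not from the original post. Class and constant names are hypothetical.
public class StaticPathRewriter {
    // Prefixes derived from the post's two example URLs.
    static final String BAD_PREFIX = "/cgi-bin/cgi.exe/application/html/";
    static final String GOOD_PREFIX = "/html/";

    // Returns the rewritten URL, or the input unchanged when its path
    // does not begin with BAD_PREFIX.
    static String rewrite(String url) throws URISyntaxException {
        URI u = new URI(url);
        String path = u.getRawPath();
        if (u.getScheme() == null || u.getRawAuthority() == null
                || path == null || !path.startsWith(BAD_PREFIX)) {
            return url;
        }
        // Rebuild from the raw components so nothing is re-encoded on the way through.
        StringBuilder out = new StringBuilder();
        out.append(u.getScheme()).append("://").append(u.getRawAuthority());
        out.append(GOOD_PREFIX).append(path.substring(BAD_PREFIX.length()));
        if (u.getRawQuery() != null) out.append('?').append(u.getRawQuery());
        if (u.getRawFragment() != null) out.append('#').append(u.getRawFragment());
        return out.toString();
    }

    public static void main(String[] args) throws URISyntaxException {
        // Constructed sample URLs; app.example.test is a placeholder host.
        String[] samples = {
            "http://app.example.test/cgi-bin/cgi.exe/application/html/images/logo.gif",
            "http://app.example.test/cgi-bin/cgi.exe/application/html/css/site.css?v=2",
            "http://app.example.test/cgi-bin/cgi.exe/application/view?next=/cgi-bin/cgi.exe/application/html/a.html",
        };
        for (String s : samples) {
            System.out.println(s + "\n  -> " + rewrite(s));
        }
    }
}
```

The first two samples are static resources and get the shortened path; the third is a dynamic request whose path does not start with the prefix, so it passes through unchanged even though the prefix appears in its query string.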
Nice work! That is one of the reasons that I added the scripting support, so that people could do things that are not easily expressed in other ways. While this particular use case could have been satisfied by a simple match/replace, the scripting feature gives the ability to do so much more as well!
Thanks for writing it up!