WATOBO - The Webapplication Toolbox

About

WATABO is a security tool for testing web applications. It is intended to enable security professionals to perform efficient (semi-automated) web application security audits.

Most important features:

WATOBO has Session Management capabilities! You can define login scripts as well as logout signatures. So you don’t have to login manually each time you get logged out.
WATOB can act as a transparent proxy (requires nfqueue)
WATOBO can perform vulnerability checks out of the box
WATOBO can perform checks on functions which are protected by Anti-CSRF-/One-Time-Tokens
WATOBO supports Inline De-/Encoding, so you don’t have to copy strings to a transcoder and back again. Just do it inside the request/response window with a simple mouse click.
WATOBO has smart filter functions, so you can find and navigate to the most interesting parts of the application easily.
WATOBO is written in (FX)Ruby and enables you to easily define your own checks
WATOBO runs on Windows, Linux, MacOS ... every OS supporting (FX)Ruby
WATOBO is free software ( licensed under the GNU General Public License Version 2)
It’s by siberas ;)

Installation on Windows

If you already have a running ruby installation, you can install watobo via 'gem'

.
c:\>


  gem install watobo

This might take some time ...

To start watobo enter
c:\>


  watobo_gui

This video will show you the full installation, including Ruby, DevKit & watobo.

Note: Other than as stated in the video, you can use any ruby version > 1.9.3

Installation on Kali Linux

WATOBO is included in the official Kali Linux repo. You can install it by


	apt-get install watobo

Note:
If you run into trouble with the package shipped with your linux distribution, please check for alternative deb-packages at SourceForge

Installation on Linux

The installation process for a Ubuntu based linux is described on our blog: Installing FX/Ruby on (Kali) Linux

Tutorials

How to run WATOBO as a transparent proxy	Blog
Using the custom viewer	Blog
Using the crawler plugin	Video
Testing CSRF/One-Time-Token protected functions	Video

Community

Feature Requests/Bug Reports
Please report issues at GitHub.

Make your hands dirty
Code is available at github GitHub.

Spread the word
The most easiest way to help projects like WATOBO is to make it more public. So talk, tweet, mail, write about it!