Using WebScarab with WebGoat
Start up WebScarab. It may be in basic mode.
If it is, go to Tools->Use Full Interface.
Restart WebScarab.
Fire up IE and go to Tools->Internet Options->Connections->LAN settings.
- Check Use proxy server and set address to localhost port 8008.
- Click OK and OK.
In WebScarab go to Proxy->Manual Edit. Check Intercept Requests. Select GET and POST (using the CTRL key to select both).
In IE go to http://localhost./WebGoat/attack. (Notice the dot after localhost; it is required for the proxy settings to apply to localhost.) WebScarab should already start intercepting. The lessons should work after that.
I was able to do a command injection following the steps in the solution. I have now put the proxy settings back to the way they were and shut down WebGoat (for security reasons; not sure if that was necessary, but I did it).
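The proxy change from the LAN settings step, and putting it back afterwards, can also be scripted. This PowerShell is an added example, not part of the original notes; it assumes IE reads the per-user proxy values under the Internet Settings registry key, and the function names and backup file name are hypothetical. Restart IE after each change so it rereads the settings.

```powershell
# Added example: snapshot, set and restore the per-user proxy values IE uses.
$key   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$names = 'ProxyEnable', 'ProxyServer', 'ProxyOverride'

function Save-ProxySettings {
    param([Parameter(Mandatory)][string]$Path)   # backup file (hypothetical name)
    $item = Get-ItemProperty -Path $key
    $snapshot = @{}
    foreach ($n in $names) {
        # Store $null for values that do not exist so the restore can remove them again
        $p = $item.PSObject.Properties[$n]
        $snapshot[$n] = if ($p) { $p.Value } else { $null }
    }
    $snapshot | ConvertTo-Json | Set-Content -Path $Path
}

function Set-ScarabProxy {
    # Same values as the LAN settings dialog step: localhost, port 8008
    Set-ItemProperty -Path $key -Name ProxyServer -Value 'localhost:8008'
    Set-ItemProperty -Path $key -Name ProxyEnable -Value 1 -Type DWord
}

function Restore-ProxySettings {
    param([Parameter(Mandatory)][string]$Path)
    $snapshot = Get-Content -Path $Path -Raw | ConvertFrom-Json
    foreach ($n in $names) {
        $value = $snapshot.$n
        if ($null -eq $value) {
            # The value was absent before the change, so remove it again
            Remove-ItemProperty -Path $key -Name $n -ErrorAction SilentlyContinue
        } elseif ($n -eq 'ProxyEnable') {
            Set-ItemProperty -Path $key -Name $n -Value ([int]$value) -Type DWord
        } else {
            Set-ItemProperty -Path $key -Name $n -Value ([string]$value)
        }
    }
}

# Usage (left commented out so loading the script changes nothing):
#   $backup = Join-Path $env:TEMP 'proxy-before-webscarab.json'
#   Save-ProxySettings -Path $backup
#   Set-ScarabProxy
#   ... work through the lessons at http://localhost./WebGoat/attack ...
#   Restore-ProxySettings -Path $backup
#   Get-ItemProperty -Path $key | Select-Object $names   # confirm the restore
```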