WATOBO is intended to enable security professionals to perform highly efficient (semi-automated) web application security audits. WATOBO works like a local proxy, similar to Webscarab, Paros or BurpSuite. Additionally, WATOBO supports passive and active checks. Passive checks are more like filter functions. They are used to collect useful information, e.g. email or IP addresses. Passive checks will be performed during normal browsing activities. No additional requests are sent to the (web) application.
* WATOBO has Session Management capabilities! You can define login scripts as well as logout signatures.
* WATOB can act as a transparent proxy (requires nfqueue)
* WATOBO can perform vulnerability checks out of the box
* WATOBO can perform checks on functions which are protected by Anti-CSRF-/One-Time-Tokens
* WATOBO supports Inline De-/Encoding.
* WATOBO has smart filter functions, so you can find and navigate to the most interesting parts of the application easily.
* WATOBO is written in (FX)Ruby and enables you to easily define your own checks
* WATOBO runs on Windows, Linux, MacOS … every OS supporting (FX)Ruby
* WATOBO is free software ( licensed under the GNU General Public License Version 2)