From Wikipedia, the free encyclopedia
Developer(s)The Open Web Application Security Project
Written inJava

WebScarab is a web security application testing tool. It serves as a proxy that intercepts and allows people to alter web browser web requests (both HTTP and HTTPS) and web server replies. WebScarab also may record traffic for further review.[1]

WebScarab is an open source tool developed by The Open Web Application Security Project (OWASP), and was implemented in Java so it could run across multiple operating systems. In 2013 official development of WebScarab slowed, and it appears that OWASP's Zed Attack Proxy ("ZAP") Project (another Java-based, open source proxy tool but with more features and active development) is WebScarab's official successor,[2][3] although ZAP itself was forked from the Paros Proxy, not WebScarab.[4]


  1. ^ Hope, Paco; Walther, Ben (2008), Web Security Testing Cookbook, Sebastopol, CA: O'Reilly Media, Inc., ISBN 978-0-596-51483-9
  2. ^ "OWASP-WebScarab check-in history". GitHub. Retrieved 5 May 2014.
  3. ^ "zaproxy change list". Google Code. Retrieved 5 May 2014.
  4. ^ "OWASP Zed Attack Proxy Project - Features". OWASP. Retrieved 5 May 2014.

External links[edit]