Jump to content


From Wikipedia, the free encyclopedia
Developer(s)The Open Web Application Security Project
Written inJava

WebScarab is a web security application testing tool. It serves as a proxy that intercepts and allows people to alter web browser web requests (both HTTP and HTTPS) and web server replies. WebScarab also may record traffic for further review.[1]



WebScarab is an open source tool developed by The Open Web Application Security Project (OWASP), and was implemented in Java so it could run across multiple operating systems.[2]

In 2013 official development of WebScarab slowed, and it appears that OWASP's Zed Attack Proxy ("ZAP") Project (another Java-based, open source proxy tool but with more features and active development) is WebScarab's official successor,[3][4] although ZAP itself was forked from the Paros Proxy, not WebScarab.[5]


  1. ^ Hope, Brian; Walther, Ben (2009). Web security testing cookbook : systematic techniques to find problems fast. Internet Archive. Sebastopol, Ca. : O'Reilly. ISBN 978-0-596-51483-9.
  2. ^ "Website Design for Crafting a Captivating Online Presence". Retrieved 2023-10-20.
  3. ^ "OWASP-WebScarab check-in history". GitHub. Retrieved 5 May 2014.
  4. ^ "zaproxy change list". Google Code. Retrieved 5 May 2014.
  5. ^ "OWASP Zed Attack Proxy Project - Features". OWASP. Retrieved 5 May 2014.