I'm analysing some web applications with WebScarab but
I don't understand some aspects of this tool. How can I
use SessionID Analysis? Can I do reports in XML format with
WebScarab? Where are the WebScarab tests
to use with my web applications? Can you help

    Rogan Dawes - 2004-09-27

    As I mentioned before, WebScarab is not a point and click
    tool. It does not have any "canned" tests that you can use to
    test your applications. You need to perform any
    tests/changes, etc. to the requests yourself.

    At this point, there are also no reports generated, XML or
    otherwise. It is not something that has a high priority for me
    at the moment, I'm afraid.

    With regards to using the Session ID analysis, the intention is
    to visually show any non-random id generation. By collecting
    a number of sessionIDs, converting the strings to an integer,
    and plotting them on a graph, it should be easy for the human
    eye to see any patterns in the IDs, as there would be visible
    lines, or groups, or some other pattern.

    At the moment, you can only collect sessionids that are set in
    cookies. The crucial thing is that you need to name the
    sessionID appropriately for the cookie. The format of the
    name is "(host or domain)(path)(space)(cookie name)"

    So, e.g. if you request http://www.site.com/admin/page.asp,
    and you get a Set-Cookie line in the response that looks like:

    Set-Cookie: ASPSESSIONID=abcdef; Path=/admin

    then the appropriate name would be "www.site.com/admin
    ASPSESSIONID" without the quotes, of course.

    You can use the "test" button to verify that you have got the
    name correct before requesting a whole bunch of responses.
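
The naming rule and the string-to-integer idea from the reply above, as an added example that is not part of the thread and not WebScarab's own code. The default-path fallback, the digit mapping in `ids_to_ints` and the `distinct_step_ratio` score (a numeric stand-in for looking at the plot) are assumptions, and the sample IDs are constructed.

```python
import secrets
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

def webscarab_name(url, set_cookie):
    """Return ('(host or domain)(path) (cookie name)', cookie value)."""
    parts = urlsplit(url)
    jar = SimpleCookie()
    jar.load(set_cookie)                 # header value without "Set-Cookie: "
    name, morsel = next(iter(jar.items()))
    host = morsel["domain"] or parts.hostname
    # Assumption: with no Path attribute, fall back to the request directory.
    path = morsel["path"] or parts.path.rsplit("/", 1)[0] or "/"
    return f"{host}{path} {name}", morsel.value

def ids_to_ints(ids):
    """Map each ID to an integer, treating the observed characters as digits."""
    alphabet = sorted(set("".join(ids)))
    digit = {ch: i for i, ch in enumerate(alphabet)}
    base = max(len(alphabet), 2)
    values = []
    for s in ids:
        n = 0
        for ch in s:
            n = n * base + digit[ch]
        values.append(n)
    return values

def distinct_step_ratio(ids):
    """Fraction of distinct successive differences; near 0 means a visible line."""
    v = ids_to_ints(ids)
    steps = [b - a for a, b in zip(v, v[1:])]
    return len(set(steps)) / len(steps)

# Constructed samples: a counter-based generator and a CSPRNG-based one.
COUNTER_IDS = [f"{0xA1F00000 + 7 * i:08x}" for i in range(50)]
RANDOM_IDS = [secrets.token_hex(8) for _ in range(50)]

if __name__ == "__main__":
    print(webscarab_name("http://www.site.com/admin/page.asp",
                         "ASPSESSIONID=abcdef; Path=/admin"))
    print("counter:", distinct_step_ratio(COUNTER_IDS))
    print("random: ", distinct_step_ratio(RANDOM_IDS))
```

A ratio close to 0 corresponds to the straight line a counter would draw on the graph; a ratio close to 1 corresponds to a scatter with no visible structure.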

    Rogan Dawes - 2004-10-02
