Chapter 1. About WebScarab

WebScarab is a development project, run under the auspices of the Open Web Application Security Project (OWASP). The aim of WebScarab is to provide a free (beer as well as speech) tool that web application developers and reviewers can use to understand how web applications function, and to identify possible problems that could cause those web applications to malfunction.

WebScarab is licensed under the GNU General Public License v2.

WebScarab is based on a plugin architecture. Currently, the plugins are mostly security focused, but I'm sure that "normal" web developers would also be able to benefit from some of the plugins, such as the Proxy and Manual Request plugins.

WebScarab is a powerful tool and, as with many tools, it can be used for good as well as for bad. In the hands of white-hats, WebScarab can help to find vulnerabilities and to make sure that those vulnerabilities are fixed as soon as possible. In the hands of black-hats, WebScarab can be used to find and possibly exploit vulnerabilities.


WebScarab is a tool, nothing more. It was created with the best intentions. The author(s) cannot be held responsible for what other people choose to use it for.