WebScarab has support for client side SSL certificates. At the moment, it can only access keys and certificates stored in PKCS#12 format files. Simply provide the location of the PKCS#12 file and the relevant passwords, and any requests for SSL URLs that pass through WebScarab will be made using that client certificate.
Note:WebScarab can't use client-side certificates on smart cards yet. There should be nothing fundamental preventing WebScarab from using client certificates. In fact, Sun's JRE 1.5 has basic support for PKCS#11-accessible devices. It would probably be easy for anyone who actually has access to a smart-card reader, and the desire to implement this feature to do this. For some ideas, see http://java.sun.com/j2se/1.5.0/docs/guide/security/p11guide.html