Feature | WebScarab | Exodus | Dave Aitel's Spike Proxy | Sverre Huseby's PenProxy | @Stake WebProxy | Mangle | Paros | Achilles |
---|---|---|---|---|---|---|---|---|
License | GPL | GPL | Unknown | Free? | Commercial | GPL | Clarified Artistic License | Free, but no source |
Portability | Yes. Java | Yes. Java | Yes. Python | Yes. Java | Yes. Java | No. Linux Perl and Gtk | Yes. Java | Sort of. Win32, or Unix via Wine |
Connection Capability | HTTP and HTTPS. HTTP/1.1 in progress | HTTP and HTTPS. HTTP/1.0 | HTTP and HTTPS | HTTP | HTTP and HTTPS | HTTP and HTTPS | HTTP and HTTPS. HTTP/1.1 | HTTP and HTTPS. HTTP/1.0 |
Interface | Swing | Swing | Browser based. | Swing | Swing | Gtk | Swing | Win32 GUI |
Interception | Requests and responses | Requests and responses | Unknown | Requests | Requests. Responses unknown | Requests and responses | Requests and responses | Requests and Responses |
Extensibility | Far better than Exodus ;-) | Designed to be. | Yes, I'm sure. | Limited. No real support | Yes, but proprietary | Not really | Unknown | No |
Other functions | Conversation summaries, HTTP/S reverse proxies, Spider sites, Edit and resubmit requests, sample and analyse session IDs. Shows scripts, comments and forms in HTML | Shows scripts, comments, forms, simple spider, simple fuzzer | Fuzzer, SQL injection tests, XSS tests, others | None | Fuzzer, spider, NTLM auth | None | Vulnerability checks, reporting | Not sure |
Here are some links to other proxy-based security tools that may be of interest:
Here is an index of WebProxies, maintained by ProfessionalSecurityTesters
Exodus is © 2003 by Rogan Dawes <rogan@dawes.za.net>