Mac Osx Tool For Watching Network Trafic
Network Traffic Monitor shows you which process in your machine are causing TCP or IP network traffic, how much traffic that is, and over which IP ports this traffic takes place. Process Traffic Monitor is the perfect tool for you. The tool helps find which process/application utilizes more resources in a system, monitor TCP/IP network pattern and set threshold values for incoming and outgoing bandwidth traffic. This tool sends packets of data over the network to a specified address, which can help you figure out if the remote server in question is encountering problems. Jun 07, 2013 Mac OS X includes an excellent command line network utility called “nettop” that allows users to monitor all network activity, traffic, and routes from a Mac to the outside world, both through local (LAN) and wide area (WAN) connections.
Join hundreds of InfoSec professionals at our upcoming [Global AppSec DC, September 9-13] and [Global AppSec Amsterdam, September 23-27] |
This page contains content that is outdated and is no longer being maintained. It is provided as a courtesy for individuals who are still using these technologies. This page may contain URLs that were once valid but may now link to sites or pages that no longer exist.
Please use the newer Edition(s) like OWASP Zed Attack Proxy Project
This project has produced a book that can be downloaded or purchased. Feel free to browse the full catalog of available OWASP books. |
This project is part of the OWASP Breakers community. Feel free to browse other projects within the Defenders, Builders, and Breakers communities. |
Welcome to the WebScarab Project
Network tools that simulate slow network connection [closed]. So it works great on OSX (haven't tried it on Windows or Linux yet) - easy to install & run, works.
WebScarab is a framework for analysing applications that communicate using the HTTP and HTTPS protocols. It is written in Java, and is thus portable to many platforms. WebScarab has several modes of operation, implemented by a number of plugins. In its most common usage, WebScarab operates as an intercepting proxy, allowing the operator to review and modify requests created by the browser before they are sent to the server, and to review and modify responses returned from the server before they are received by the browser. WebScarab is able to intercept both HTTP and HTTPS communication. The operator can also review the conversations (requests and responses) that have passed through WebScarab.
You may also be interested in testing the Next Generation of WebScarab.
Screenshots
Here's the main window of WebScarab. Check the WebScarab Getting Started guide for more screenshots of WebScarab in action.
Overview
There is no shiny red button on WebScarab, it is a tool primarily designed to be used by people who can write code themselves, or at least have a pretty good understanding of the HTTP protocol. If that sounds like you, welcome! Download WebScarab, sign up for the mailing list on the OWASP subscription page, and enjoy! You can read a brief tutorial to explain the basic workings.
WebScarab is designed to be a tool for anyone who needs to expose the workings of an HTTP(S) based application, whether to allow the developer to debug otherwise difficult problems, or to allow a security specialist to identify vulnerabilities in the way that the application has been designed or implemented.
Download
The canonical source repository for WebScarab is at GitHub. A zip archive of the tip of tree can be downloaded here.
Historical Versions:
Alternatively, you can download older builds of WebScarab from the OWASP Source Code Center at Sourceforge. Then install them likewise:
- Linux: java -jar ./webscarab-selfcontained-[numbers].jar
- Windows: double-click the installer jar file (complete installation instructions))
Features
A framework without any functions is worthless, of course, and so WebScarab provides a number of plugins, mainly aimed at the security functionality for the moment. Those plugins include:
- Fragments - extracts Scripts and HTML comments from HTML pages as they are seen via the proxy, or other plugins
- Proxy - observes traffic between the browser and the web server. The WebScarab proxy is able to observe both HTTP and encrypted HTTPS traffic, by negotiating an SSL connection between WebScarab and the browser instead of simply connecting the browser to the server and allowing an encrypted stream to pass through it. Various proxy plugins have also been developed to allow the operator to control the requests and responses that pass through the proxy.
- Manual intercept - allows the user to modify HTTP and HTTPS requests and responses on the fly, before they reach the server or browser.
- Beanshell - allows for the execution of arbitrarily complex operations on requests and responses. Anything that can be expressed in Java can be executed.
- Reveal hidden fields - sometimes it is easier to modify a hidden field in the page itself, rather than intercepting the request after it has been sent. This plugin simply changes all hidden fields found in HTML pages to text fields, making them visible, and editable.
- Bandwidth simulator - allows the user to emulate a slower network, in order to observe how their website would perform when accessed over, say, a modem.
- Spider - identifies new URLs on the target site, and fetches them on command.
- Manual request - Allows editing and replay of previous requests, or creation of entirely new requests.
- SessionID analysis - collects and analyzes a number of cookies to visually determine the degree of randomness and unpredictability. Note that this analysis is rather trivial, and does not do any serious checks, such as FIPS, etc.
- Scripted - operators can use BeanShell (or any other BSF supported language found on the classpath) to write a script to create requests and fetch them from the server. The script can then perform some analysis on the responses, with all the power of the WebScarab Request and Response object model to simplify things.
- Parameter fuzzer - performs automated substitution of parameter values that are likely to expose incomplete parameter validation, leading to vulnerabilities like Cross Site Scripting (XSS) and SQL Injection.
- Search - allows the user to craft arbitrary BeanShell expressions to identify conversations that should be shown in the list.
- Compare - calculates the edit distance between the response bodies of the conversations observed, and a selected baseline conversation. The edit distance is 'the number of edits required to transform one document into another'. For performance reasons, edits are calculated using word tokens, rather than byte by byte.
- SOAP - There is a plugin that parses WSDL, and presents the various functions and the required parameters, allowing them to be edited before being sent to the server. NOTE: This plugin is deprecated, and may be removed in the future. SOAPUI is streets beyond anything that Webscarab can do, or will ever do, and is also a free tool.
- Extensions - automates checks for files that were mistakenly left in web server's root directory (e.g. .bak, ~, etc). Checks are performed for both, files and directories (e.g. /app/login.jsp will be checked for /app/login.jsp.bak, /app/login.jsp~, /app.zip, /app.tar.gz, etc). Extensions for files and directories can be edited by user.
- XSS/CRLF - passive analysis plugin that searches for user-controlled data in HTTP response headers and body to identify potential CRLF injection (HTTP response splitting) and reflected cross-site scripting (XSS) vulnerabilities.
Training Material
Aung Khant (YGN Ethical Hacker Group, Myanmar) has created a series of WebScarab movies which can be found here.
There are slides of the presentation 'Uncovering Webscarab's Hidden Treasures', given at the OWASP EU Summit 2008, available here.
Future development
Features will probably include:
- Combining the Search and Compare plugins, so that you can compare only specific responses
- Improving the fuzzer, adding ability to follow redirects, or to specify the number of threads to use. Also, adding the ability to define what is (or isn't) interesting in the fuzz results, and save only interesting conversations to the summary.
Extensibility
Best Mac Network Tools
As a framework, WebScarab is extensible. Each feature above is implemented as a plugin, and can be removed or replaced. New features can be easily implemented as well. The sky is the limit! If you have a great idea for a plugin, please let us know about it on the list.
Project Contributors
The WebScarab project is run by Rogan Dawes. He can be contacted at rogan AT dawes.za.net
PROJECT INFO What does this OWASP project offer you? | RELEASE(S) INFO What releases are available for this project? | |||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|
Pages in category 'OWASP WebScarab Project'
The following 16 pages are in this category, out of 16 total.
C
G
H
O
P
W
Wi-Fi is essential to most Mac users, but what happens when your network gets sketchy? Apple's hidden Wi-Fi Diagnostics tool should help you improve Wi-Fi performance.
[ABOVE: Apple's Wi-Fi Diagnostics tool should look like this. I've deleted BSSID and network names for security.]
The hidden tool
To access Wi-Fi Diagnostics, Option-click on the Wi-Fi icon in your Menu bar. In the drop-down menu that appears, select 'Open Wireless Diagnostics.' The Wi-Fi Diagnostics app is hidden inside /System/Library/CoreServices/Applications, from where you can drag the app icon to make it easily available in your Dock.
When you launch the app, a screen appears to tell you what the tool does and asks you to let it run tests to determine the state of your current Wi-Fi connection; these can take a few minutes to complete.
While in Wireless Diagnostics, open the Utilities Window via the Menu bar (Command-2). This shows you much information inside: Info, Logging and Performance windows; A Frame Capture mode to sniff network traffic and a Wi-Fi Scan mode that captures useful info about your own and other networks in your area.
Check the channels
The first thing to check is what channel your network is on in comparison with other networks in your area. If you find you are sharing a channel with others nearby, it helps to change the channel on your router to one the other networks aren't using -- a clear channel usually improves reception quality.
You can use the information to determine the strength of your Wi-Fi signal (or use the Performance tab in this window to see how the tool sees your network performance in the Quality section to top left).
Assessing signal strength
The Wi-Fi scan pane offers two metrics to help you determine this: Signal (RSSI, Received Signal Strength Indication) and Noise.
The first refers to the strength of the signal between your Mac and your router. Higher numbers are better but because these are rated as minus numbers, it's important to note that an RSSI of -60 is actually much better than an RSSI of -80.
Noise refers to the amount of wireless noise that may be affecting Wi-Fi reception. Neighboring networks, or the usual network interference culprits such as microwaves or some cordless phones, can impact your reception. Like RSSI this is measured in minus numbers, but a lower number is best, so a Noise level of -46 is better than one of -40.
The difference between these numbers is the quality of your network, so if you have an RSSI of -47 and a Noise level of -96 then the difference is 49. This is called the SNR (Signal to Noise Ratio) and the higher this number is the better your Wi-Fi performance will be. An SNR of 25 or above means you should have good performance.
Tips
The Performance pane shows you the quality of your Wi-Fi over time. Given that some electrical devices (including devices situated in neighboring rooms and homes) and other networks can impact your performance, you might want to keep an eye on this while moving your Mac around. You may eventually find a place in your space in which performance is better than anywhere else, or achieve better performance by switching off other computers or electrical devices.
Other terms that may be useful when using this tool:
- BSSID: This is the identifier for your airport hardware.
- Security: The kind of encryption used -- try to use WPA 2. Do not use WEP, as this is compromised.
- Transmit Rate: Data speed.
I hope this short report helps demystify and explain a little of what you can do with Wi-Fi Diagnostics.
Mavericks Tips and Tricks
- More Tips and Tricks
Mac Osx Tool For Watching Network Traffic
Google+? If you use social media and happen to be a Google+ user, why not join AppleHolic's Kool Aid Corner community and join the conversation as we pursue the spirit of the New Model Apple?
Macos Tool For Watching Network Traffic Not Corruption
Got a story? Drop me a line via Twitter or in comments below and let me know. I'd like it if you chose to follow me on Twitter so I can let you know when fresh items are published here first on Computerworld.