Making WebScarab module
From OWASP Live CD 2008
Making WebScarab module from binaries
(how the WebScarab original WebScarab module was created)
Contents |
Get the source for WebScarab
Rogan, the author of WebScarab has made the source available via git - a distributed version control system. You'll first need to install git on your system, then you can get a copy of the WebScarab source. In git-speak, you cloan the repository. Installation of git is beyond the scope of this document, look at your distribution/OS site or grab the code from the official git site. For Debian/Ubuntu users, it should be as easy as running:
$ sudo apt-get install git-core
After you have git installed, run the commands below to get a copy locally:
$ mkdir build-webscarab $ cd build-webscarab $ git clone http://dawes.za.net/rogan/webscarab/webscarab.git/
After that command completes, you'll have a local copy of the source in a directory named webscarab.
Building WebScarab from source
Note: The instructions which follow were done on an Ubuntu 8-04 system. For other systems, there will quite likely be minor changes to the commands and packages needed. However, the general process should work on any system.
(1) Install the prerequisites (ant, docbook-xsl, proguard and maybe Sun JDK if you don't have it)
$ sudo apt-get install ant sun-java6-jdk docbook-xsl proguard
If you have another JDK or JRE installed, it wouldn't hurt to make sure the systems Java is setup correctly, especially the JAVA_HOME environment variable. Do to this, run:
$ sudo update-java-alternatives --set java-6-sun
(2) Create a new local.properties file
The local.properties file is used by Ant to hold paths to dependencies. You'll need to create a local.properties file in the webscarab directory that looks like:
izpack.properties=/path/to/izpack proguard.location=/path/to/proguard docbook.location=/path/to/stylesheets
NOTE: There is a bug in the Proguard package on Ubuntu 8-04. It does not include the necessary bits to be an Ant target - specifically the jar is missing the ant subdirectory. A workaround for this is to download the latest Proguard from the download site. Extract the tarball and replace the jar provided by the Debain package.
$ tar -xzvf proguard4.3.tar.gz $ sudo mkdir /usr/share/java/lib $ sudo cp proguard4.3/lib/proguard.jar /usr/share/java/lib
For Ubuntu (specifically 8-04):
$ cd webscarab $ cat <<"EOF" > local.properties > izpack.properties=/path/to/izpack > proguard.location=/usr/share/java > docbook.location = /usr/share/xml/docbook/stylesheet/nwalsh > EOF $ cat local.properties izpack.properties=/usr/local/IzPack proguard.location=/usr/share/java docbook.location = /usr/share/xml/docbook/stylesheet/nwalsh
(3) Run the Ant build script
$ mkdir doc/userguide/javahelp
$ ant javahelp
[build happens]
BUILD SUCCESSFUL
Total time: 2 seconds
$ ant build
[build happens]
BUILD SUCCESSFUL
Total time: 19 seconds
(4) Test the build (and check for the help files in the GUI)
$ java -jar webscarab.jar 16:02:15 main(Proxy.parseListenerConfig): No proxies configured!? 16:02:17 Listener-127.0.0.1:8008(Listener.listen): Proxy listening on 127.0.0.1:8008 16:02:33 Listener-127.0.0.1:8008(Listener.run): Not listening on 127.0.0.1:8008
(5) Grab only the needed files into a directory for distribution
$ mkdir ../dist $ cp webscarab.jar ../dist/ $ cp -a doc/ ../dist/ $ cp webscarab_logo.gif ../dist/ $ cp -a lib/ ../dist/ $ cd ../dist/ $ java -jar webscarab.jar
Success!
BTW, IzPack is here. 4.x is the current version. Ant build scripts were done with 3.x and you can pull 3.x releases from the Subversion repository here. You don't actually need it with the instructions above since we don't call a build target that uses it but if you want to build an installer version, you will need it.
Create the needed directories in fakeroot
Eventually, we'll use dir2lzm to make the module, so lets get the directories created that we need:
$ mkdir -p ./fakeroot/opt/owasp/webscarab $ mkdir -p ./fakeroot/usr/share/aplications $ mkdir -p ./fakeroot/usr/share/pixmaps $ mkdir -p ./fakeroot/root
More on that ./fakeroot/root directory later
Create and put the module's files into the fakeroot directory
Getting WebScarab in the module is easy since we've already built it in the steps above.
$ cp -a temp/build-webscarab/dist/* fakeroot/opt/owasp/webscarab/
Creating WebScarab's menu file is rather simple. Use a text editor and create a file with the following contents:
[Desktop Entry] Encoding=UTF-8 Exec=java -jar /opt/owasp/webscarab/webscarab.jar Icon=/usr/share/pixmaps/webscarab.png Type=Application Categories=Application;Network; Name=Local Proxy Name[cs]=Local Proxy GenericName=WebScarab GenericName[cs]=WebScarab MimeType=text/html X-KDE-StartupNotify=true
I also want to add a Java WebStart version. This allows you to grab the latest version Rogan has published to his website. To create the menu item:
[Desktop Entry] Encoding=UTF-8 Exec=javaws http://dawes.za.net/rogan/webscarab/WebScarab.jnlp Icon=/usr/share/pixmaps/webscarab.png Type=Application Categories=Application;Network; Name=Local Proxy Name[cs]=Local Proxy GenericName=WebScarab Web Start GenericName[cs]=WebScarab Web Start MimeType=text/html X-KDE-StartupNotify=true
Both of these files will have to be placed in fakeroot/usr/share/applications/ as webscarab.desktop and webscarab-webstart.desktop.
The icon was a bit interesting. I didn't get one with the download (selfcontained-20070504-1631.jar). I downloaded the actual source ( webscarab-src-20070504-1631.zip) which did have the logo at ./webscarab-20070504-1631/src/org/owasp/webscarab/webscarab_logo.gif after I unzipped it. A quick run through Gimp to convert the .gif to .png and then I moved the new .png into ./fakeroot.
cp ./temp/webscarab_logo.png ./fakeroot/usr/share/pixmaps/webscarab.png
I also knew (cause I looked on the CD running in a VM) that Java wasn't on the default SLAX distro. I needed to create a Java module. I document how I did that in Making the Java module
One other thing I realized I needed (after testing the module in a freshly built iso) was a WebScarab.properties configuration file was needed so that WebScarab didn't open in its default "Lite" (and crippled) mode. I just ran WebScarab from the CD and scp'ed off the WebScarab.properties file which was created when I ran and configured WebScarab.
$ cp ./temp/WebScarab.properties ./fakeroot/root/
Generate the .lzm module
This is the easy part.
$ ./dir2lzm ./fakeroot webscarab-20090122.lzm
Add the modules to the ISO build directory
Also cake
$ cp -i webscarab-20090122.lzm ../contents/slax/base/ $ chmod 775 ../contents/slax/base/webscarab-20090122.lzm
Test the new module
Since we might have to "rinse and repeat", lets test the new module
$ cd ../contents/slax/ $ ./make_iso.sh /home/mtesauro/isos/new-owasp.iso
If anything doesn't work as expected, make the changes needed to ./fakeroot and try again.
Clean up and archive
Once you've got a working module, lets clean up a bit.
$ $ mkdir ./completed_modules/webscarab $ mv webscarab-20090122.lzm ./completed_modules/webscarab/ $ mv temp/build-webscarab/webscarab/local.properties ../completed_modules/webscarab/ $ rm -rf ./temp/*
I usually delete anything under ./fakeroot also.
$ rm -rf ./fakeroot/*
