psiinon
commented
7 years ago I actually asked Rogan (WebScarab creator) about this. He strongly recommended that we should NOT copy the WebScarb code - he said he now realises that it was fundamentally flawed. I'd be very happy if we could generate a suitable graph, but we should only do so if it is really useful.
Recently, I had the need to use Token Generator in an assessment and, although there was a very clear tab detailing the calculation process, i felt it lacked (i couldn't find it, at least) a graph or something like that that could be used as an evidence of the token's randomness in the report.
I was thinking about something like this: http://travisaltman.com/webscarab-tutorial-part-2-sessiond-id-analysis/