Web Application Security
RE: [Full-disclosure] CAT Version 1 Released - Web App Testing Tool Aug 09 2011 09:34AM
Context IS - Disclosure (disclosure contextis co uk)
Under native Windows, CAT will only use IE to render the HTML. I can see your point as to why you might not want to use IE and I will look into adding in a Gecko rendering option for the next version.

Under Mono it uses the Mono provided WebBrowser control, which rendering engine is used depends on the operating system's configuration e.g. Gecko or WebKit. For more details see:
http://www.mono-project.com/WebBrowser

The license can be see here:
http://www.contextis.co.uk/resources/tools/cat/download/Cat_EULA.txt

Cheers,
Mike

________________________________________
From: Valdis.Kletnieks (at) vt (dot) edu [email concealed] [Valdis.Kletnieks (at) vt (dot) edu [email concealed]]
Sent: 04 August 2011 15:35
To: Context IS - Disclosure
Cc: full-disclosure (at) lists.grok.org (dot) uk [email concealed]; webappsec (at) securityfocus (dot) com [email concealed]; websecurity (at) webappsec (dot) org [email concealed]; owasp-all (at) lists.owasp (dot) org [email concealed]
Subject: Re: [Full-disclosure] CAT Version 1 Released - Web App Testing Tool

On Thu, 04 Aug 2011 01:45:16 BST, Context IS - Disclosure said:
> CAT is a tool for manual web application penetration testing and includes t he following features:

Sounds at least potentially interesting. A few questions:

> - CAT uses Internet Explorer's rendering engine for accurate HTML representation

Is this optional/switchable? Might be nice to *not* use the actual IE render
engine if you're working on serving up a client-side exploit via XSS - that would
be shooting yourself in the foot then. ;)

> - MONO Support for Linux and OSX (Currently in Beta).

What render engine does it use for Linux/OSX? Or is this referring to using
MONO to talk from a Windows test box to a Linux/OSX target?

> - It is totally free!

What license?

This list is sponsored by Cenzic
--------------------------------------
Let Us Hack You. Before Hackers Do!
It's Finally Here - The Cenzic Website HealthCheck. FREE.
Request Yours Now!
http://www.cenzic.com/2009HClaunch_Securityfocus
--------------------------------------

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus