'RE: [Full-disclosure] CAT Version 1 Released - Web App Testing Tool'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       webappsec
Subject:    RE: [Full-disclosure] CAT Version 1 Released - Web App Testing Tool
From:       Context IS - Disclosure <disclosure () contextis ! co ! uk>
Date:       2011-08-09 9:34:53
Message-ID: 9CE75E98979ABC448892B4284A51E252CD6855B8DE () kestrel ! london ! contextis ! co ! uk
[Download RAW message or body]

Under native Windows, CAT will only use IE to render the HTML.  I can see your point \
as to why you might not want to use IE and I will look into adding in a Gecko \
rendering option for the next version.  
Under Mono it uses the Mono provided WebBrowser control, which rendering engine is \
used depends on the operating system's configuration e.g. Gecko or WebKit.  For more \
details see: http://www.mono-project.com/WebBrowser

The license can be see here:
http://www.contextis.co.uk/resources/tools/cat/download/Cat_EULA.txt

Cheers,
Mike

________________________________________
From: Valdis.Kletnieks@vt.edu [Valdis.Kletnieks@vt.edu]
Sent: 04 August 2011 15:35
To: Context IS - Disclosure
Cc: full-disclosure@lists.grok.org.uk; webappsec@securityfocus.com; \
                websecurity@webappsec.org; owasp-all@lists.owasp.org
Subject: Re: [Full-disclosure] CAT Version 1 Released - Web App Testing Tool

On Thu, 04 Aug 2011 01:45:16 BST, Context IS - Disclosure said:
> CAT is a tool for manual web application penetration testing and includes t he \
> following features:

Sounds at least potentially interesting.  A few questions:

> -          CAT uses Internet Explorer's rendering engine for accurate HTML \
> representation

Is this optional/switchable?  Might be nice to *not* use the actual IE render
engine if you're working on serving up a client-side exploit via XSS - that would
be shooting yourself in the foot then. ;)

> -          MONO Support for Linux and OSX (Currently in Beta).

What render engine does it use for Linux/OSX? Or is this referring to using
MONO to talk from a Windows test box to a Linux/OSX target?

> -          It is totally free!

What license?


This list is sponsored by Cenzic
--------------------------------------
Let Us Hack You. Before Hackers Do!
It's Finally Here - The Cenzic Website HealthCheck. FREE.
Request Yours Now! 
http://www.cenzic.com/2009HClaunch_Securityfocus
--------------------------------------


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic