Date: Tue, 9 Aug 2011 10:34:53 +0100
From: Context IS - Disclosure <disclosure@...textis.co.uk>
To: "Valdis.Kletnieks@...edu" <Valdis.Kletnieks@...edu>
Cc: "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk>,
	"webappsec@...urityfocus.com" <webappsec@...urityfocus.com>,
	"owasp-all@...ts.owasp.org" <owasp-all@...ts.owasp.org>,
	"websecurity@...appsec.org" <websecurity@...appsec.org>
Subject: Re: CAT Version 1 Released - Web App Testing Tool

Under native Windows, CAT will only use IE to render the HTML.  I can see your point as to why you might not want to use IE and I will look into adding in a Gecko rendering option for the next version.
  
Under Mono it uses the Mono-provided WebBrowser control; which rendering engine is used depends on the operating system's configuration, e.g. Gecko or WebKit.  For more details see:
http://www.mono-project.com/WebBrowser

The license can be seen here:
http://www.contextis.co.uk/resources/tools/cat/download/Cat_EULA.txt

Cheers,
Mike

________________________________________
From: Valdis.Kletnieks@...edu [Valdis.Kletnieks@...edu]
Sent: 04 August 2011 15:35
To: Context IS - Disclosure
Cc: full-disclosure@...ts.grok.org.uk; webappsec@...urityfocus.com; websecurity@...appsec.org; owasp-all@...ts.owasp.org
Subject: Re: [Full-disclosure] CAT Version 1 Released - Web App Testing Tool

On Thu, 04 Aug 2011 01:45:16 BST, Context IS - Disclosure said:
> CAT is a tool for manual web application penetration testing and includes the following features:

Sounds at least potentially interesting.  A few questions:

> -          CAT uses Internet Explorer's rendering engine for accurate HTML representation

Is this optional/switchable?  Might be nice to *not* use the actual IE render
engine if you're working on serving up a client-side exploit via XSS - that would
be shooting yourself in the foot then. ;)

> -          MONO Support for Linux and OSX (Currently in Beta).

What render engine does it use for Linux/OSX? Or is this referring to using
MONO to talk from a Windows test box to a Linux/OSX target?

> -          It is totally free!

What license?
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
