EnglishFrenchSpanish

OnWorks favicon

ratproxy - Online in the Cloud

Run ratproxy in OnWorks free hosting provider over Ubuntu Online, Fedora Online, Windows online emulator or MAC OS online emulator

This is the command ratproxy that can be run in the OnWorks free hosting provider using one of our multiple free online workstations such as Ubuntu Online, Fedora Online, Windows online emulator or MAC OS online emulator

PROGRAM:

NAME


ratproxy - a passive web application security assessment tool

SYNOPSIS


ratproxy [-w logfile] [-v logdir] [-p port] [-d domain] [-P host:port]
[-xtifkgmjscael2XCr]

DESCRIPTION


Ratproxy is a semi-automated, largely passive web application security audit tool. It is
meant to complement active crawlers and manual proxies more commonly used for this task,
and is optimized specifically for an accurate and sensitive detection, and automatic
annotation, of potential problems and security-relevant design patterns based on the
observation of existing, user-initiated traffic in complex web 2.0 environments.

OPTIONS


-w logfile - write results to a specified file (default: stdout)

-v logdir - write HTTP traces to a specified directory (default: none)

-p port - listen on a custom TCP port (default: 8080)

-d domain - analyze requests to specified domains only (default: all)

-P host:port - use upstream proxy for all requests (format host:port)

-r - accept remote connections (default: 127.0.0.1 only)

-l - use response length, not checksum, for identity check

-2 - perform two, not one, page identity check

-e - perform pedantic caching headers checks

-x - log all XSS candidates

-t - log all directory traversal candidates

-i - log all PNG files served inline

-f - log all Flash applications for analysis (add -v to decompile)

-s - log all POST requests for analysis

-c - log all cookie setting URLs for analysis

-g - perform XSRF token checks on all GET requests

-j - report on risky Javascript constructions

-m - log all active content referenced across domains

-X - disruptively validate XSRF, XSS protections

-C - try to auto-correct persistent side effects of -X

-k - flag HTTP requests as bad (for HTTPS-only applications)

-a - indiscriminately report all visited URLs

EXAMPLES


Example settings suitable for most tests:

1) Low verbosity : -v <outdir> -w <outfile> -d <domain> -lfscm

2) High verbosity : -v <outdir> -w <outfile> -d <domain> -lextifscgjm

3) Active testing : -v <outdir> -w <outfile> -d <domain> -XClfscm

Multiple -d options are allowed. Consult the documentation for more.

Use ratproxy online using onworks.net services


Free Servers & Workstations

Download Windows & Linux apps

Linux commands

  • 1
    a2crd
    a2crd
    a2crd - attempts the conversion of
    lyrics file into chordii input ...
    Run a2crd
  • 2
    a2j
    a2j
    a2j - Wrapper script to simulate
    a2jmidid's non-DBUS behaviour though
    a2jmidid actually being in DBUS mode ...
    Run a2j
  • 3
    cowpoke
    cowpoke
    cowpoke - Build a Debian source package
    in a remote cowbuilder instance ...
    Run cowpoke
  • 4
    cp
    cp
    cp - copy files and directories ...
    Run cp
  • 5
    gbnlreg
    gbnlreg
    gbnlreg - Non linear regression ...
    Run gbnlreg
  • 6
    gbonds
    gbonds
    gbonds - U.S. savings bond inventory
    program for GNOME ...
    Run gbonds
  • More »

Ad