Re: CAT Version 1 Released - Web App Testing Tool

[Context IS - Disclosure <disclosure () contextis co uk>]

Under native Windows, CAT will only use IE to render the HTML.  I can see your point as to why you might not want to 
use IE and I will look into adding in a Gecko rendering option for the next version.
  
Under Mono it uses the Mono provided WebBrowser control, which rendering engine is used depends on the operating 
system's configuration e.g. Gecko or WebKit.  For more details see:
http://www.mono-project.com/WebBrowser

The license can be see here:
http://www.contextis.co.uk/resources/tools/cat/download/Cat_EULA.txt

Cheers,
Mike

________________________________________
From: Valdis.Kletnieks () vt edu [Valdis.Kletnieks () vt edu]
Sent: 04 August 2011 15:35
To: Context IS - Disclosure
Cc: full-disclosure () lists grok org uk; webappsec () securityfocus com; websecurity () webappsec org; owasp-all () 
lists owasp org
Subject: Re: [Full-disclosure] CAT Version 1 Released - Web App Testing Tool

On Thu, 04 Aug 2011 01:45:16 BST, Context IS - Disclosure said:
> CAT is a tool for manual web application penetration testing and includes t he following features:

Sounds at least potentially interesting.  A few questions:

> -          CAT uses Internet Explorer's rendering engine for accurate HTML representation

Is this optional/switchable?  Might be nice to *not* use the actual IE render
engine if you're working on serving up a client-side exploit via XSS - that would
be shooting yourself in the foot then. ;)

> -          MONO Support for Linux and OSX (Currently in Beta).

What render engine does it use for Linux/OSX? Or is this referring to using
MONO to talk from a Windows test box to a Linux/OSX target?

> -          It is totally free!

What license?
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/