Wednesday, July 9, 2008

Google's Ratproxy Web Security Tool for Windows

In my previous post, i announced the new security tool - Google's ratproxy. It functions as a proxy, much like paros.
sumptuousworld has compiled ratproxy v1.51 on windows.

You can download compiled ratproxy-1.51.exe for Windows here

Verification sums:
ratproxy-1.51.exe SHA1SUM 42dbe6ffa00a3987f32b19a7c6e9ca84240db157
ratproxy-1.51.exe MD5SUM c41acfd5ab7874dfef3970ac52eb2a9b

In order to run it, you need to download and install cygwin runtime, since ratproxy is dependant on several cygwin libraries. Do not forget to update your path variable to include c:\cygwin\bin.

To run it, use the following steps

  1. create a report directory (report_outdir)
  2. type ratproxy -v report_outdir -w report_filename -lfscm
  3. reconfigure your browser to use proxy on address localhost:8080
  4. Start browsing, ratproxy will create reports.
Report parsing
Copy the report generator from this location, and create a file from the text. It's a bash script, so You should run it from a cygwin shell. Make sure that it's a UNIX formatted file (LF/CR), otherwise the shell will report errors.

It creates a HTML report from the raw report generated by ratproxy.