RatProxy can be considered a specialized protocol analyzer for interpreting HTML transactions. Suppose there is a web transaction that you are curious about. For example, it seems to return user-created text to you, and you suspect that this may indicate a cross-site scripting (XSS) attack is possible.
- I found How to Setup RatProxy on Windows to be a useful resource for installing Cygwin and RatProxy on Windows.
- The Firefox addon Elite Proxy Switcher is more than sufficient to make changing proxy settings simple.
- The 7-zip archive utility is used by the batch file which follows. Neither the batch file nor the utility are required, but you may find them convenient.
- Add a batch file (preserve.bat) to the c:\cygwin\bin folder:
if (%1)==() goto ERRPARM
ren ..\ratproxy\report.html %1.*
“C:\Program Files\7-Zip\7z.exe” a ..\ratproxy\%1.zip ..\ratproxy\*.trace ..\ratproxy\ratproxy.log
echo Name for report and zip file is required.
With that preparation complete, and with Firefox ready to submit your interaction:
- Open a command shell (cmd.exe).
- Paste these two lines into the command window:
ratproxy.exe -v c:\cygwin\ratproxy -w ratproxy.log -p 8080 -lextifscijmXC
This creates a web proxy on port 8080. The “-lextifscijmXC” options may not be appropriate for your testing; see the RatProxy documentation.
- Change your browser to use this proxy (localhost:8080). Traffic that is passed through the browser will go through RatProxy.
- Your test traffic occurs here.
- In the command window (from step 2) press Ctrl+C to quit RatProxy.
- Undo the browser proxy changes (from step 3).
- Create the RatProxy report by pasting these four lines into the command window (from steps 2 and 5). This runs the report in a bash shell.
./ratproxy-report.sh ratproxy.log > report.html
This will require another Enter.
C:\cygwin\ratproxy\report.html, C:\cygwin\ratproxy\ratproxy.log and one or more .trace files in the C:\cygwin\ratproxy\ folder will contain the results of your testing. These .trace files are not Wireshark-compatible, but they are interpreted network protocol analyzer results.
- Clean up. To associate the report.html file with the .trace files and to prepare for the next traffic capture, I added a batch file (preserve.bat, text ) to c:\cygwin\bin. In the command window (from steps 2, 5 and 7), enter
where <project> is a term you choose to remember what you were testing.
You will now have a <project>.html file and a <project>.zip file in C:\cygwin\ratproxy\. You can close the command window.
In the html file you will see each POST transaction followed by a [view trace] hyperlink (such as c:\cygwin\ratproxy/506875b7-2ac4.trace). The hyperlink wasn’t working anyway, but it does indicate which of the .trace files to associate with this POST transaction.