Ratproxy
澹台胜
Tested XSS the other day manually due to time constraint, using some xss cheat sheet from web. Found Google's tool Ratproxy then, played with it and write some notes about that.
Env: Ubuntu
1. Install libssl and openssl
sudo apt-get install libssl-dev openssl
2. Download ratproxy from http://code.google.com/p/ratproxy/
3. cd ratproxy
make
4. Set the browser proxy to localhost:8080
5. Start ratproxy
./ratproxy -v . -w *.log -d f url of site -lfscm
6. Then go to the website, manually click any page that can accept input text
7. Generate a html from *.log and analyze it
Env: Ubuntu
1. Install libssl and openssl
sudo apt-get install libssl-dev openssl
2. Download ratproxy from http://code.google.com/p/ratproxy/
3. cd ratproxy
make
4. Set the browser proxy to localhost:8080
5. Start ratproxy
./ratproxy -v . -w *.log -d f url of site -lfscm
6. Then go to the website, manually click any page that can accept input text
7. Generate a html from *.log and analyze it
类似资料: