Research

We build genuine partnerships with our clients

• White Papers
  • Web Application Vulnerability Statistics 2010-2011
  • Assessing Cloud Node Security
  • Smartphones in the Enterprise
  • Clickjacking
• Tools
  • Clickjacking Tool
  • CAT
    • Why use CAT?
    • Key Components
    • Download
    • User Guide
      • Installation
      • Menu
      • Options
      • Log View
      • Repeater Panel
      • Proxy Panel
      • Fuzzer Panel
      • Log Panel
      • Auth Checker Panel
      • SSL Checker Panel
      • Notepad
      • Integrated Web Browser Panel
      • Addons
      • Additional Information
    • Addons
    • Mono
  • MBean Trojan
  • IIS7 Header Block
• Blog
  • Malware 2 - From Infection to Persistence
  • Server Technologies - HTTPS BEAST Attack
  • Malware - Dark Comet RAT
  • Server Technologies - Reverse Proxy Bypass
  • SAP Exploitation – Part 2
  • SAP Exploitation – Part 1
  • WebGL - More WebGL Security Flaws
  • WebGL - A New Dimension for Browser Exploitation
    • FAQ
  • Server Technologies - SSL2: Should it keep you awake at night?
  • SmartPhones - Can you Trust your USB Charger?
  • Malware 1 - From Exploit to Infection
  • Server Technologies - JBoss RMI Twiddling

Limitations

With the release of version 1 of CAT the aim has been to ensure stability within the code and fix as many bugs as possible. However no code is perfect.

Acknowledgements

CAT makes use of the following third party components, whose authors I would like to thank:

• OpenSSL for certificate manipulation and SSL version checking
• DirBuster’s directory listings are part of the fuzzers word lists
• SharpDevelop for the CodeEditor and Ionic zip utilities for CATX projects.

I would also like to thank the members of Context that have worked on CAT and provided invaluable feedback. Cheers guys.

Bug Reporting

Please report any bugs or feature requests to: CAT@contextis.co.uk . Please include the version of CAT, Windows version, and any information provided by error handling like Exceptions and stack traces. Information about how to recreate the issue, including the types of web servers and any Screenshots would also be useful (where possible).

Upgrades

CAT will check on start up cat.contextis.com for a newer version of the software, if one is found the user will be informed but it will not automatically upgrade. You can also keep up to date with cat by visiting the website. If a new version of the software is available then download the new installer and your current instance will be upgraded.  

Change Log

The changes between Beta 4 and Version 1:

• Lots of bug fixes to provide a (hopefully) stable release
• Silverlight WCF Encoding/decoding support for proxy, repeater and fuzzer.
• New Improved authentication checker with two browser boxes which can be synced to send requests from high user to low.
• Addons support – API for additional Tabs, SDK documentation and sample plugin.
• C# Scriptable Fuzzing
• Multi-Stage CSRF HTML generation
• NTLM Authentication – Set credentials in file->options.
• Migration to .NET 4
• Updated Wordlists – Including technology specific
• Load Requests from a Log directly into a new Fuzzer or Repeater
• Allows adding a list of words to be shown in the add columns.
• Added to fuzzer and SQL injection test “No Lines Diff” to help identify a change in response despite the page having totally dynamic content.
• Mono Support – Beta Only

The changes between Beta 3 and Beta 4 are as follows:

• Added Support for 64 bit windows.
• Change certificate storage location to allow CAT to run as a non-admin user
• Add Column for test for auto completion on forms
• Add Column for cache controls
• Add Click jacking test support
• SSL connection keep-alive to increase performance.
• CAT was fixed to use SSLV3 from the proxy this is now relaxed to include SSLV2 and TLS1.
• Can show options on first load.
• Can disable check for update call back
• SSL non-standard support
• Fixed bugs related to non-standard HTTP response headers
• Fixed a bug in fuzzer relating to concurrency
• Can save CSRF post forms to files
• Save text in notepad
• Counter on the length of text
• Update UI to better route usage.
• Response bodies can be saved to a file

© Copyright 2012 Context Information Security.

Main Navigation

• Home /
• Our Company /
• Security Solutions /
• Research /
• Media /
• Contact Us