From martin.holst_swende at owasp.org Tue Aug 9 03:48:12 2011
From: martin.holst_swende at owasp.org (Martin Holst Swende)
Date: Tue, 09 Aug 2011 09:48:12 +0200
Subject: [Owasp-hatkit-datafiddler-project] Hatkit @ Defcon 19
Message-ID: <4E40E63C.6030502@owasp.org>

Hello,

I just returned from Las Vegas, where I presented Owasp Hatkit projects last Saturday (https://www.defcon.org/html/defcon-19/dc-19-speakers.html#Swende). I will post the video once that is made accessible (may take a while).

Last Tuesday, we released a lot++ of new features, in a 0.6.0-release (defcon-release) of both the proxy and the datafiddler. The largest changes are:

* Proxy
  - Decodes json
  - Decodes cookie and setcookie headers correctly into dicts (and thereby handles multiple headers)
  - Stores text-type content as strings, not binary blobs
  - Some changes to the storage format (!IMPORTANT - may cause compatibility issues)
  - TCP interceptor now has processing capabilities, meaning you can use beanshell scripting to operate on the packets. A few beanshell processors are included.
  - Support for tcp defragmentation ON/OFF

* Datafiddler
  - 3pp (Third party plugin) now implemented
    - w3af greppers
    - Ratproxy analyser
    - generic proxy exporter
    - webscarab exporter
  - Cache proxy (early beta)
    - Acts as a cache proxy, in either 'closed' or 'open' mode. In open mode, it fetches any content that it does not have. In closed mode, it just answers 404. Useful e.g. for capturing screenshots after a pentest is finished, but also to e.g. 'resume' a nikto-scan (since already scanned items will not be fetched again).
  - Configuration settings implemented
  - New right-click options for tableview
    - View diffs on requests/responses
    - Open urls with browser
    - Open content with editor
    - Copy urls
  - Improved copy-paste functionality from table to paste-buffer

All in all, I think the presentation went well. I'll post the link to the presentation pdf later on. Let me know if you have any problems with the new binaries.

Regards,
Martin Holst Swende