[Owasp-leaders] Hatkit @ Defcon 19

Martin Holst Swende martin.holst_swende at owasp.org
Tue Aug 9 03:48:12 EDT 2011


I just returned from Las Vegas, where I presented Owasp Hatkit projects
last Saturday
(https://www.defcon.org/html/defcon-19/dc-19-speakers.html#Swende). I
will post the video once that is made accessible (may take a while).
Last Tuesday, we released a lot++ of new features, in a 0.6.0-release
(defcon-release) of both the proxy and the datafiddler. The largest
changes are:

* Proxy
    - Decodes json
    - Decodes cookie and setcookie headers correctly into dicts (and thereby handles multiple headers)
    - Stores text-type content as strings, not binary blobs
    - Some changes to the storage format (!IMPORTANT - may cause compatibility issues)
    - TCP interceptor now has processing capabilities, meaning you can use beanshell scripting to operate on the packets. A few beanshell processors are included.
    - Support for tcp defragmentation ON/OFF

* Datafiddler
    - 3pp (Third party plugin) now implemented
        - w3af greppers
        - Ratproxy analyser
        - generic proxy exporter
        - webscarab exporter
    - Cache proxy (early beta)
        - Acts as a cache proxy, in either 'closed' or 'open' mode. In open mode, it fetches any content that it does not have. In closed mode, it just answers 404. Useful e.g. for capturing screenshots after a pentest is finished, but also to e.g. 'resume' a nikto-scan (since already scanned items will not be fetched again).
    - Configuration settings implemented
    - New right-click options for tableview
        - View diffs on requests/responses
        - Open urls with browser
        - Open content with editor
        - Copy urls
        - Improved copy-paste functionality from table to paste-buffer

All in all, I think the presentation went well. I'll post the link to
the presentation pdf later on. Let me know if you have any problems with
the new binaries.
Martin Holst Swende
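To illustrate the 'open' versus 'closed' cache-proxy behaviour described in the announcement above, here is a small added example in Python. It is not Hatkit's own code; it models only the decision logic (serve from cache, else fetch upstream in open mode or answer 404 in closed mode) with an injected upstream fetcher and an in-memory dictionary standing in for the datafiddler's store, all of which are assumptions of this example. It also records closed-mode misses, which is a convenient way to see which URLs a client asked for that were never captured during the original run.

```python
"""Toy cache proxy: 'open' vs 'closed' mode (constructed example, not Hatkit code)."""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple

# A response is modelled as (status code, body). Constructed simplification.
Response = Tuple[int, bytes]


@dataclass
class CacheProxy:
    mode: str                           # 'open' or 'closed'
    fetch: Callable[[str], Response]    # upstream fetcher, injected (assumption)
    cache: Dict[str, Response] = field(default_factory=dict)
    upstream_calls: int = 0             # how often we went to the real server
    misses: List[str] = field(default_factory=list)  # URLs refused in closed mode

    def __post_init__(self) -> None:
        if self.mode not in ("open", "closed"):
            raise ValueError("mode must be 'open' or 'closed'")

    def handle(self, url: str) -> Response:
        # Already captured: answer from the store regardless of mode.
        # This is what lets a scan be 'resumed' without re-fetching.
        if url in self.cache:
            return self.cache[url]
        if self.mode == "closed":
            # Nothing leaves the proxy; unknown content is simply 404.
            self.misses.append(url)
            return (404, b"")
        # Open mode: fetch once, then store so it is never fetched again.
        self.upstream_calls += 1
        resp = self.fetch(url)
        self.cache[url] = resp
        return resp


# Constructed stand-in for the remote site (no network access).
_FAKE_SITE: Dict[str, Response] = {
    "http://example.test/a": (200, b"page a"),
    "http://example.test/b": (200, b"page b"),
}


def constructed_upstream(url: str) -> Response:
    """Pretend to fetch from the target; unknown paths are 404 upstream too."""
    return _FAKE_SITE.get(url, (404, b"not found"))


def demo() -> Dict[str, object]:
    """Walk through an open-mode capture followed by a closed-mode replay."""
    proxy = CacheProxy(mode="open", fetch=constructed_upstream)
    first = proxy.handle("http://example.test/a")    # goes upstream
    second = proxy.handle("http://example.test/a")   # served from cache
    proxy.mode = "closed"                            # e.g. after the pentest
    replay = proxy.handle("http://example.test/a")   # still served
    refused = proxy.handle("http://example.test/b")  # never captured -> 404
    return {
        "first": first,
        "second": second,
        "replay": replay,
        "refused": refused,
        "upstream_calls": proxy.upstream_calls,
        "misses": list(proxy.misses),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v!r}")
```

The `misses` list is the useful by-product of closed mode: after the engagement it tells you exactly which requests a screenshot pass or a resumed scan wanted that were not in the capture, without any traffic reaching the target.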
