Comments on: Google Ratproxy

By: Josh

Josh — Mon, 11 May 2009 21:32:34 +0000

Sure, feel free to quote me in your report for school and please let me know if you have any questions.

By: Proxy Guy

Proxy Guy — Mon, 11 May 2009 05:22:33 +0000

Can I quote you in my report for school?

By: Josh

Josh — Sun, 27 Jul 2008 16:41:10 +0000

Good point, Victor. There are actually some very good Firefox plugins that you can use to test the security of your web applications. These includes “Add N Edit Cookies” (to modify your cookie info), HackBar (HTML encoding, XSS, SQL Injection), Tamper Data (modify POST parameters), and Live HTTP Headers (view HTTP headers). As Ernest said, the problem with these tools is that while they allow you to test web application security, the user using them has to actually know what they are doing. If you don’t know what you are looking for, then a proxy tool like RatProxy helps to fill in those knowledge gaps.

By: Ernest

Ernest — Thu, 24 Jul 2008 21:07:48 +0000

I think the deal with ratproxy is it’s good for less advanced users. You just set up a proxy and browse and then it gives you lovely reports on what’s wrong. If you “know what you’re doing” you can use WebScarab or any number of other tools, but unfortunately the number of developers that “know what they’re doing” in a security sense is low.

By: Victor Trac

Victor Trac — Wed, 23 Jul 2008 07:21:11 +0000

Thanks for posting about Ratproxy. It seems like it could be a useful tool, especially if you’re managing a network and trying to figure out the vulnerabilities of your users.

For a single user though, it seems to me like a simple browser-side extension could work just as well. Firebug probably has the capability of doing this, although the plugins I’ve seen are generally geared for web development. It would at least save you the trouble of running a proxy and reconfiguring your browser to use it.