1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
|
.\" Originally generated by help2man 1.36.
.TH RATPROXY "1" "April 2009" "ratproxy 1.56-beta" "User Commands"
.SH NAME
ratproxy \- a passive web application security assessment tool
.SH SYNOPSIS
.B ratproxy
.nh
[\fI-w logfile\fR] [\fI-v logdir\fR] [\fI-p port\fR]
[\fI-d domain\fR] [\fI-P host:port\fR]
[\fI-xtifkgmjscael2XCr\fR]
.hy
.SH DESCRIPTION
Ratproxy is a semi-automated, largely passive web application security
audit tool. It is meant to complement active crawlers and manual
proxies more commonly used for this task, and is optimized
specifically for an accurate and sensitive detection, and automatic
annotation, of potential problems and security-relevant design
patterns based on the observation of existing, user-initiated traffic
in complex web 2.0 environments.
.SH OPTIONS
.HP
\fB\-w\fR logfile \- write results to a specified file (default: stdout)
.HP
\fB\-v\fR logdir \- write HTTP traces to a specified directory (default: none)
.HP
\fB\-p\fR port \- listen on a custom TCP port (default: 8080)
.HP
\fB\-d\fR domain \- analyze requests to specified domains only (default: all)
.HP
\fB\-P\fR host:port \- use upstream proxy for all requests (format host:port)
.HP
\fB\-r\fR \- accept remote connections (default: 127.0.0.1 only)
.HP
\fB\-l\fR \- use response length, not checksum, for identity check
.HP
\fB\-2\fR \- perform two, not one, page identity check
.HP
\fB\-e\fR \- perform pedantic caching headers checks
.HP
\fB\-x\fR \- log all XSS candidates
.HP
\fB\-t\fR \- log all directory traversal candidates
.HP
\fB\-i\fR \- log all PNG files served inline
.HP
\fB\-f\fR \- log all Flash applications for analysis (add \fB\-v\fR to decompile)
.HP
\fB\-s\fR \- log all POST requests for analysis
.HP
\fB\-c\fR \- log all cookie setting URLs for analysis
.HP
\fB\-g\fR \- perform XSRF token checks on all GET requests
.HP
\fB\-j\fR \- report on risky Javascript constructions
.HP
\fB\-m\fR \- log all active content referenced across domains
.HP
\fB\-X\fR \- disruptively validate XSRF, XSS protections
.HP
\fB\-C\fR \- try to auto\-correct persistent side effects of \fB\-X\fR
.HP
\fB\-k\fR \- flag HTTP requests as bad (for HTTPS\-only applications)
.HP
\fB\-a\fR \- indiscriminately report all visited URLs
.SH EXAMPLES
Example settings suitable for most tests:
.TP
1) Low verbosity : \fB\-v\fR <outdir> \fB\-w\fR <outfile> \fB\-d\fR <domain> \fB\-lfscm\fR
.TP
2) High verbosity : \fB\-v\fR <outdir> \fB\-w\fR <outfile> \fB\-d\fR <domain> \fB\-lextifscgjm\fR
.TP
3) Active testing : \fB\-v\fR <outdir> \fB\-w\fR <outfile> \fB\-d\fR <domain> \fB\-XClfscm\fR
.PP
Multiple \fB\-d\fR options are allowed. Consult the documentation for more.
.PP
.SH AUTHOR
ratproxy is written and maintained by Michal Zalewski
<lcamtuf@google.com>
.PP
This manual page was generated via help2man by Iustin Pop
<iusty@k1024.org> for the Debian project (but may be used by others).
.SH SEE ALSO
.BR ratproxy-report "(1)"
|
