[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] [WEB SECURITY] CAT Version 1 Released - Web App Testing Tool
- To: "websecurity@xxxxxxxxxxxxx" <websecurity@xxxxxxxxxxxxx>
- Subject: Re: [Full-disclosure] [WEB SECURITY] CAT Version 1 Released - Web App Testing Tool
- From: Andre Gironda <andreg@xxxxxxxxx>
- Date: Wed, 10 Aug 2011 10:54:46 -0700
On Tue, Aug 9, 2011 at 2:34 AM, Context IS - Disclosure
<disclosure@xxxxxxxxxxxxxxx> wrote:
> Under native Windows, CAT will only use IE to render the HTML. I can see
> your point as to why you might not want to use IE and I will look into adding
> in a Gecko rendering option for the next version.
I attempted to use both the Windows registry IsDefaultRenderer=1 entry
and 'X-UA-Compatible: chrome=1' header in every response, but still
could not change the rendering engine in CAT (latest version) from IE
to ChromeFrame.
However, CAT has a proxy. It does not, however, include the feature to
"show response in browser" as does Burp -- which would allow you to
switch between browsers to see if the XSS works in one versus another.
Cheers,
Andre
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/