CAT v.1 – Web App Testing Tool

CAT provides the ability to test a web application for all types of vulnerabilities, from SQL injection to reverse proxy bypass. It allows traffic between a web browser and a web server to be intercepted and altered. Requests can then be repeated within CAT, with every aspect of the request open to alteration. Requests can be fuzzed using a range of different fuzzing algorithms, including brute forcing, injection attacks and scripted attacks; CAT also provides a facility to fuzz forms with CSRF tokens. Authorisation within an application can easily be checked using two synchronised web sessions from one user type to another.
Some highlights of CAT:
– CAT uses Internet Explorer’s rendering engine for accurate HTML representation
– It supports many different types of text conversions including: URL, Base64, Hex, Unicode, HTML/XML, SQL and JavaScript no quotes
– It offers integrated SQL Injection and XSS Detection
– Advanced Authentication and Authorisation using Synchronised Browsing
– Silverlight WCF Support
– Faster performance due to HTTP connection caching
– SSL Version and Cipher checker using OpenSSL
– Greater flexibility for importing/exporting logs and saving projects
– Tabbed Interface allowing for multiple tools at once, e.g. multiple repeaters and different logs
– The ability to repeat and modify a sequence of requests (particularly useful in SSO testing)
– Ability to extend CAT using Addons with publicly available documentation and sample code
– Mono Support for Linux and OS X (currently in beta).
– Scriptable fuzz cases.