The Ratproxy security scanner looks for vulnerabilities in web applications
Rat Catcher

© Illustrations on this page: Anna Telnova, Fotolia
Google's Ratproxy is a free testing tool that searches for security problems in web applications.
Several test suites help you look for vulnerabilities in web-based applications [1] [2], but many of these applications are expensive or difficult to use. Wouldn't it be nice just to press a button to find out what vulnerabilities exist in your own software – along with a line reference to help you find the problems in the source code?
Ratproxy [1] is a tiny but powerful tool with a simple approach to searching for problems in web applications. The Ratproxy security testing tool originated in the development labs Google, where it was created to test Google's own applications. In July 2008, the company decided to release the current version to the general public under the Apache License 2.0.
Google describes Ratproxy as a "semi-automatic, largely passive web application security audit tool." Lurking behind this cryptic description is a tool with a simple purpose: Ratproxy sniffs communications between the browser and the application, logging the data stream and checking the log for known issues, risks, and vulnerabilities. Developers can launch Ratproxy and watch the output. Ratproxy reaches places that competitive products find difficult to access. For example, other tools might find it hard to reach password-protected areas, or they could stumble over some forwarding scenarios. In the same way, Ratproxy cleverly works around Javascript issues. Legacy test tools employ guess work to discover which function will be used next. This problem occurs particularly in GUI testing, wherein users typically have a choice of various buttons and menus. Ratproxy, on the other hand, simply waits to see what the user does next in the browser.
[...]
Buy this article as PDF
(incl. VAT)
Buy Linux Magazine
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.

News
-
CachyOS Now Lets Users Choose Their Shell
Imagine getting the opportunity to select which shell you want during the installation of your favorite Linux distribution. That's now a thing.
-
Wayland 1.24 Released with Fixes and New Features
Wayland continues to move forward, while X11 slowly vanishes into the shadows, and the latest release includes plenty of improvements.
-
Bugs Found in sudo
Two critical flaws allow users to gain access to root privileges.
-
Fedora Continues 32-Bit Support
In a move that should come as a relief to some portions of the Linux community, Fedora will continue supporting 32-bit architecture.
-
Linux Kernel 6.17 Drops bcachefs
After a clash over some late fixes and disagreements between bcachefs's lead developer and Linus Torvalds, bachefs is out.
-
ONLYOFFICE v9 Embraces AI
Like nearly all office suites on the market (except LibreOffice), ONLYOFFICE has decided to go the AI route.
-
Two Local Privilege Escalation Flaws Discovered in Linux
Qualys researchers have discovered two local privilege escalation vulnerabilities that allow hackers to gain root privileges on major Linux distributions.
-
New TUXEDO InfinityBook Pro Powered by AMD Ryzen AI 300
The TUXEDO InfinityBook Pro 14 Gen10 offers serious power that is ready for your business, development, or entertainment needs.
-
LibreOffice Tested as Possible Office 365 Alternative
Another major organization has decided to test the possibility of migrating from Microsoft's Office 365 to LibreOffice.
-
Linux Mint 20 Reaches EOL
With Linux Mint 20 at its end of life, the time has arrived to upgrade to Linux Mint 22.