Watcher – Passive Analysis Tool For HTTP Web Applications


Watcher is a run time passive-analysis tool for HTTP-based Web applications. Watcher provides pen-testers hot-spot detection for vulnerabilities, developers quick sanity checks, and auditors PCI compliance auditing. It looks for issues related to mashups, user-controlled payloads, cookies, comments, HTTP headers, SSL, Flash, Silverlight, referrer leaks, information disclosure, Unicode, and more.

Major Features:

  1. Passive detection of security, privacy, and PCI compliance issues in HTTP, HTML, Javascript, and CSS
  2. Works seamlessly with complex Web 2.0 applications while you drive the Web browser
  3. Non-intrusive, will not raise alarms or damage production sites
  4. Real-time analysis and reporting – findings are reported as they’re found, exportable to XML
  5. Configurable domains with wildcard support
  6. Extensible framework for adding new checks

Watcher is built as a plugin for the Fiddler HTTP debugging proxy available at www.fiddlertool.com. Watcher works seamlessly with today’s complex Web 2.0 applications by running silently in the background while you drive your browser and interact with the Web-application.

Watcher is built in C# as a small framework with 30+ checks already included. It’s built so that new checks can be easily created to perform custom audits specific to your organizational policies, or to perform more general-purpose security assessments.

You can download Watcher here:

Watcher.zip

Or read more here.

Posted in: Hacking Tools, Web Hacking

, ,


Latest Posts:


RandIP - Network Mapper To Find Servers RandIP – Network Mapper To Find Servers
RandIP is a nim-based network mapper application that generates random IP addresses and uses sockets to test whether the connection is valid or not with additional tests for Telnet and SSH.
Nipe - Make Tor Default Gateway For Network Nipe – Make Tor Default Gateway For Network
Nipe is a Perl script to make Tor default gateway for network, this script enables you to directly route all your traffic from your computer to the Tor network.
Mosca - Manual Static Analysis Tool To Find Bugs Mosca – Manual Static Analysis Tool To Find Bugs
Mosca is a manual static analysis tool written in C designed to find bugs in the code before it is compiled, much like a grep unix command.
Slurp - Amazon AWS S3 Bucket Enumerator Slurp – Amazon AWS S3 Bucket Enumerator
Slurp is a blackbox/whitebox S3 bucket enumerator written in Go that can use a permutations list to scan externally or an AWS API to scan internally.
US Government Cyber Security Still Inadequate US Government Cyber Security Still Inadequate
Surprise, surprise, surprise - an internal audit of the US Government cyber security situation has uncovered widespread weaknesses, legacy systems and poor adoption of cyber controls and tooling.
BloodHound - Hacking Active Directory Trust Relationships BloodHound – Hacking Active Directory Trust Relationships
BloodHound is for hacking active directory trust relationships and it uses graph theory to reveal the hidden and often unintended relationships within an AD environment.


2 Responses to Watcher – Passive Analysis Tool For HTTP Web Applications

  1. Mozilla Fanboy April 13, 2009 at 11:14 am #

    Hey,

    nice n all, but how about a port to firebug for us non-MS users?

    ttfn

  2. Jack April 18, 2009 at 8:20 am #

    There might be a setting to change the port