{"id":1630,"date":"2009-04-13T09:29:47","date_gmt":"2009-04-13T09:29:47","guid":{"rendered":"https:\/\/www.darknet.org.uk\/?p=1630"},"modified":"2015-09-09T19:38:08","modified_gmt":"2015-09-09T11:38:08","slug":"watcher-passive-analysis-tool-for-http-web-applications","status":"publish","type":"post","link":"https:\/\/www.darknet.org.uk\/2009\/04\/watcher-passive-analysis-tool-for-http-web-applications\/","title":{"rendered":"Watcher – Passive Analysis Tool For HTTP Web Applications"},"content":{"rendered":"
Watcher is a runtime passive-analysis tool for HTTP-based Web applications. Watcher provides pen-testers hot-spot detection for vulnerabilities, developers quick sanity checks, and auditors PCI compliance auditing. It looks for issues related to mashups, user-controlled payloads, cookies, comments, HTTP headers, SSL, Flash, Silverlight, referrer leaks, information disclosure, Unicode, and more.<\/p>\n
Major Features:<\/strong><\/p>\n Watcher is built as a plugin for the Fiddler HTTP debugging proxy available at www.fiddlertool.com<\/a>. Watcher works seamlessly with today\u2019s complex Web 2.0 applications by running silently in the background while you drive your browser and interact with the Web application.<\/p>\n Watcher is built in C# as a small framework with 30+ checks already included. It’s built so that new checks can be easily created to perform custom audits specific to your organizational policies, or to perform more general-purpose security assessments.<\/p>\n You can download Watcher here:<\/p>\n\n