Projects / ratproxy


ratproxy is a semi-automated, largely passive Web application security audit tool optimized for accurate and sensitive detection, and automatic annotation, of potential problems and security-relevant design patterns based on the observation of existing, user-initiated traffic in complex Web 2.0 environments.

Recent releases

  •  13 May 2009 19:59

    Release Notes: Another round of minor tweaks to the connection handling logic to improve compatibility with certain Web servers.

  •  17 Apr 2009 09:37

    Release Notes: This release adds new checks for Flash crossdomain.xml and Silverlight clientaccesspolicy.xml, and reverts HTTP/1.1 logic introduced in 1.55.

  •  26 Mar 2009 23:09

    Release Notes: A minor change was made to always output HTTP/1.1 headers to avoid the activation of certain Web server heuristics.

  •  16 Feb 2009 15:50

    Release Notes: A minor usability fix was made to HTTPS handling when communicating over CONNECT proxies.

  •  02 Jan 2009 13:49

    Release Notes: This release makes minor improvements to XSRF token detection.

