
ratproxy's Introduction


Minimal Mistakes is a flexible two-column Jekyll theme. Perfect for hosting your personal site, blog, or portfolio on GitHub or self-hosting on your own server. As the name implies --- styling is purposely minimalistic to be enhanced and customized by you 😄.

See what's new in the CHANGELOG.


The theme includes responsive layouts (single, archive, and splash pages) that look great on mobile and desktop browsers.


Notable Features

  • Compatible with Jekyll 3.x and GitHub Pages
  • Support for Jekyll's built-in Sass/SCSS preprocessor
  • Several layout options (single, archive, splash pages)
  • SEO optimized with support for Twitter Cards and Open Graph data
  • Optional header images, sidebars, table of contents, galleries, related posts, breadcrumb links, and more.
  • Optional comments (Disqus, Facebook, Google+, Discourse, static-based via Staticman, and custom).
  • Optional analytics (Google Analytics and custom).
  • UI localized text: English (default), Spanish, French, and Turkish.

Demo Pages

Name | Description
Post with Header Image | A post with a large header image.
HTML Tags and Formatting Post | A variety of common markup showing how the theme styles them.
Syntax Highlighting Post | Post displaying highlighted code.
Post with a Gallery | A post showing several images wrapped in <figure> elements.
Sample Collection Page | Single page from a collection.
Categories Archive | Posts grouped by category.
Tags Archive | Posts grouped by tags.

For even more demo pages check the posts archive.


Contributing

Having trouble working with the theme? Found a typo in the documentation? Interested in adding a feature or fixing a bug? Then by all means submit an issue or pull request. If this is your first pull request, it may be helpful to read up on the GitHub Flow first.

Minimal Mistakes has been designed as a base for you to customize and fit your site's unique needs. Please keep this in mind when requesting features and/or submitting pull requests. If it's not something that most people will use, I probably won't consider it. When in doubt ask.

This goes for author sidebar links and "share button" additions -- I have no intention of merging in every possible option, the essentials are there to get you started 😄.

Pull Requests

To help me out try to avoid creating pull requests on master and instead branch off of develop. It's much easier for me to test, merge, and roll them into new releases this way.


Credits

Creator

Michael Rose



License

The MIT License (MIT)

Copyright (c) 2016 Michael Rose

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.


ratproxy's Issues

cannot bind to port [listen_loop(), ratproxy.c:1618]

What steps will reproduce the problem?

1. Compile on Windows 7
2. Run ratproxy with ratproxy -v testout -w testoutfile -d "http://www.domain.com" -lfscm
3. See error

What is the expected output? What do you see instead?

Should have run, instead showed the following error:
ratproxy version 1.58-beta by <[email protected]>
SYSTEM ERROR : cannot bind to port [listen_loop(), ratproxy.c:1618]
     Message : Operation not permitted


What version of the product are you using? On what operating system?

ratproxy version 1.58 . Windows 7 Enterprise

Original issue reported on code.google.com by [email protected] on 20 Jan 2014 at 11:14

Sniffed MIME type "application_javascript" instead of "application/javascript"

I'm not sure why ratproxy detects JavaScript code with MIME type
"application/javascript" as "application_javascript". Is there some valid
reason for this?

This leads to the following warnings in the report:
"MIME type: application/javascript, detected: application_javascript,
charset: -"

The following fragment of mime.c is responsible:

          else if (!strcasecmp(r->mime_type,"application/javascript"))
            r->sniffed_mime = "application_javascript";

Original issue reported on code.google.com by adambyrtek on 18 Sep 2009 at 1:29

ratproxy-report.sh TODO: Use standalone stylesheets to conserve bytes.

ratproxy-report.sh has a comment
TODO: Use standalone stylesheets to conserve bytes.

Attached are files:
ratproxy-report.sh: creates a valid XHTML report file that looks very close
to the original, using an external stylesheet
ratproxy.css: the external stylesheet
messages.list: modified to remove inline styles

Too many changes, I thought patch files would be less convenient.

[email protected]

Original issue reported on code.google.com by [email protected] on 19 Aug 2009 at 12:33


cannot bind to port [listen_loop(), ratproxy.c:1609]

What steps will reproduce the problem?
1. Compile on Mac OS X 10.4.11
2. Run ratproxy with $ ./ratproxy -v testout -w testoutfile -d "http://www.domain.com" -lfscm
3. See error

What is the expected output? What do you see instead?

Should have run, instead showed the following error:
ratproxy version 1.50-beta by <[email protected]>
SYSTEM ERROR : cannot bind to port [listen_loop(), ratproxy.c:1609]
     Message : Can't assign requested address

What version of the product are you using? On what operating system?
Mac OS X 10.4.11

Original issue reported on code.google.com by raccettu on 2 Jul 2008 at 1:17

open forms from reports in new window

1. generate some report with ratproxy-report with POST requests
2. click on some POST link

When forms open in new windows, you can stay and read the current report

Patch:
--- ratproxy-report.orig    2010-03-25 16:36:17.517758221 +0300
+++ ratproxy-report 2010-03-25 16:35:49.995321426 +0300
@@ -337,7 +337,7 @@
       if ! echo "$payload" | grep -q '^GWT_RPC\['; then

         echo "<input type=submit value=\"edit values\"
onclick=\"document.getElementById('form$CNT').style.display='inline';return
false;\" style=\"border-width: 1px; background-color: #FFFFC0; font-size:
0.9em; display: inline\">"
-        echo "<form action=\"$url\" method=\"POST\" id=\"form$CNT\"
style=\"display: none\">"
+        echo "<form action=\"$url\" method=\"POST\" id=\"form$CNT\"
target=\"_blank\" style=\"display: none\">"
         echo "$payload" | sed 's/\&#x\(..\);/%\1/g' | sed 's/&/\
 /g' | sed 's/%26/\&/g;s/%3B/;/g' | sed 's/\%\(..\)/\&#x\1;/g' | \
         while IFS='=' read -r param val; do 
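
Review bot: the added `target=\"_blank\"` on the `<form>` line gives the page opened by the replayed POST a `window.opener` reference back to the report window, and that page is served by the site under test. Add `rel=\"noopener\"` next to `target` in the same `echo` so the new window cannot navigate or script the report. The hunk as posted is also hard-wrapped (each `echo` statement is split over two lines), so it will not apply with `patch` until the wrapping is undone; attaching the diff as a file avoids that.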


Original issue reported on code.google.com by [email protected] on 25 Mar 2010 at 1:42

ratproxy-report.sh: line 29: $'\r': command not found

I am running

$ ./ratproxy -v DELME -w report -d www.okiok.com –lfscmxt

But I cannot generate the report. The report file is properly generated

$ ./ratproxy-report.sh
./ratproxy-report.sh: line 29: $'\r': command not found
./ratproxy-report.sh: line 230: syntax error near unexpected token `elif'
'/ratproxy-report.sh: line 230: `    elif [ "$severity" = "2" ]; then


OS: XP Pro 5.1 SP3 (Version 5.1.2600)
Cygwin: GNU bash, version 4.1.10(4)-release (i686-pc-cygwin)

Original issue reported on code.google.com by [email protected] on 16 Apr 2012 at 3:37

Google Code closing

Google Code service is closing. Do you have plans to move this project to 
GitHub or similar hosting service?

Original issue reported on code.google.com by [email protected] on 30 May 2015 at 9:24

Unrecognized Certificate Authority

What steps will reproduce the problem?
1. ./ratproxy -k -x -w logfile -v testsystem
2. navigate to system with Equifax signed cert
3. accept ratproxy ss cert

What is the expected output? What do you see instead?

0026:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown
ca:s3_pkt.c:1060:SSL alert number 48
PROGRAM ABORT: client SSL handshake failed [ssl_start(), ssl.c:162]


What version of the product are you using? On what operating system?

1.58-beta

Please provide any additional information below.


Original issue reported on code.google.com by [email protected] on 6 Oct 2009 at 6:06

Scheduling a scan in ratproxy

Hello all,
How do we schedule a scan in ratproxy?
That means, is it possible that I can record my session now and scan my 
session later for the vulnerabilities?
Any help would be helpful.

Sagar.

Original issue reported on code.google.com by [email protected] on 12 Sep 2009 at 6:01

large set of command-line options is user-unfriendly

What steps will reproduce the problem?
1. n/a

What is the expected output? What do you see instead?

The bevy of command-line options are an important feature in ratproxy. 
However they also bring a degree of complexity that the README and --help
message both implicitly acknowledge.  It would be nice if the profiles
listed in either document could be incorporated into RatProxy itself.  See
below for a more clear example.

I recognize the point made in the documentation that RatProxy requires a
certain bit of awareness by default, but I think it's important not to
conflate a person's technical savvy with their ability to juggle all of
these testing options at a time.

What version of the product are you using? On what operating system?
- ratproxy version 1.51-beta by <[email protected]>
- Fedora Core release 4 (Stentz)


Please provide any additional information below.

Example settings suitable for most tests:
  1) Low verbosity  : -v <outdir> -w <outfile> -d <domain> -lfscm
  2) High verbosity : -v <outdir> -w <outfile> -d <domain> -lextifscgjm
  3) Active testing : -v <outdir> -w <outfile> -d <domain> -XClfscm

Instead of just printing these in the usage message, why not also
incorporate them into the app itself, and maybe even allow users to further
customize the run-time settings using these testing levels as a baseline?

Original issue reported on code.google.com by [email protected] on 3 Sep 2008 at 11:35

Problem in generating report with ratproxy

I am using ratproxy in a Windows environment. It shows me that the proxy is
configured properly. I used it for doing an assessment. It generates
various .trace files, but when I tried to run the reporting tool using the
following command:

sh ratproxy-report.sh ratproxy.log > report.html

it shows me some error in ratproxy-report.sh (screenshot attached). I want
to know whether this is some kind of issue in the ratproxy-report.sh file or
there is some problem with my configuration.

What is the expected output? What do you see instead?
it should generate a HTML report, containing details of all the issues
identified by ratproxy.

What version of the product are you using? On what operating system?
I am using ratproxy1.5.1 over windows Xp




Original issue reported on code.google.com by [email protected] on 15 Jul 2008 at 2:48


several ambiguous HTTP content headers message

What steps will reproduce the problem?
1. run ratproxy with low verbosity (-lfscm)
2. Browse a web application.
3. Watch Several log messages (correct?)

What is the expected output? What do you see instead?
Several "Ambiguous HTTP content headers" message browsing web application
with js scripts.
3|3|Ambiguous HTTP content headers|-|304|0|-|-|-|-|GET|https://jira-application:443/s/233/1/1.0/_/download/resources/jira.webresources:scriptaculous/controls.js|-|-|-


What version of the product are you using? On what operating system?
ratproxy version 1.51-beta 
ubuntu 8.04

Please provide any additional information below.

HTTP request/response example triggering "Ambiguous HTTP content headers"
message.

https://jira-applictaion/s/233/1/1.0/_/download/resources/jira.webresources:scriptaculous/controls.js



GET /s/233/1/1.0/_/download/resources/jira.webresources:scriptaculous/controls.js HTTP/1.1

Host: jira-application
User-Agent: Mozilla/5.0 (X11; U; Linux i686; es-ES; rv:1.9) Gecko/2008061015 Firefox/3.0

Accept: */*

Accept-Language: es-es,es;q=0.8,en-us;q=0.5,en;q=0.3

Accept-Encoding: gzip,deflate

Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7

Keep-Alive: 300

Connection: keep-alive

Referer: https://jira-application/secure/Dashboard.jspa

Cookie: JSESSIONID=XXXXXXXXXXA456698C1FCF906457CE74

If-Modified-Since: Tue, 22 May 2007 07:00:00 GMT

If-None-Match: W/"28803-1179817200000"



HTTP/1.x 304 Proxied response

Connection: close

Content-Length: 0

Server: Apache-Coyote/1.1

Pragma: No-cache

Cache-Control: max-age=315360000000, private

Expires: Fri, 06 Jul 2018 12:32:30 GMT

Date: Tue, 08 Jul 2008 12:32:29 GMT


What's the exact problem with this HTTP requests/response?

Thanks

Original issue reported on code.google.com by ecasbas on 8 Jul 2008 at 12:45

Client SSL handshake failed

What steps will reproduce the problem?
1. Downloaded and expanded the latest copy of ratproxy 1.53 on Mac OSX 10.5.6.
2. Downloaded and installed an updated copy of Flare for OSX.
3. Ran "make" as a sudo user in the ratproxy directory.  Compiled with no
errors.
4. Ran "sudo ./ratproxy -v ~/Documents/ -w ratproxy.log -d domain -lextifscgjm
5. Using the latest copy of firefox (3.0.5) configured the local proxy -
"localhost:8080"
6. Attempted to connect to a SSL server using the proxy.  Ratproxy gives me
the following message: 

PROGRAM ABORT: client SSL handshake failed [ssl_start(), ssl.c:162]

error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate
unknown:s3_pkt.c:1052:SSL alert number 46

7. In firefox I get an untrusted certificate error - so I create an
exception for the ratproxy cert.

8. Once accepted I continue to get repeated errors above when communicating
with the site.

Is this expected behavior?


Original issue reported on code.google.com by [email protected] on 2 Feb 2009 at 10:20

Support client certificate authentication

What steps will reproduce the problem?
1. Try to connect to a web site that requires client certificate for
authentication.

What is the expected output? What do you see instead?
What I see:
6610:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown
ca:s3_pkt.c:1053:SSL alert number 48
PROGRAM ABORT: client SSL handshake failed [ssl_start(), ssl.c:162]       

6720:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake
failure:s3_pkt.c:1053:SSL alert number 40
PROGRAM ABORT: server SSL handshake failed [ssl_start(), ssl.c:158]       


What version of the product are you using? On what operating system?
1.58-beta, OpenSUSE Linux x86_64


Original issue reported on code.google.com by [email protected] on 11 Jun 2009 at 10:11

misspelled error message

What steps will reproduce the problem?
1. Download ratproxy-1.51.tar.gz
2. tar xzf ratproxy-1.51.tar.gz
3. cd ratproxy; make

What is the expected output? What do you see instead?
If flare isn't installed - the error message misspells "binary":
*** WARNING: flare-dist/flare bianry is not operational.
*** Please see flare-dist/README and update it for your OS.

What version of the product are you using? On what operating system?
ratproxy version 1.51-beta by <[email protected]>
Mac OS X 10.5.4

Please provide any additional information below.

Original issue reported on code.google.com by [email protected] on 13 Aug 2008 at 6:40

RatProxy 5.1 not working (SYSTEM ERROR : cannot bind to port [listen_loop(), ratproxy.c:1609])

What steps will reproduce the problem?
1. ./ratproxy -w /home/Sutapa/outdir/outfile -v /home/Sutapa/outdir/ -d 
<ip-addr>:8080/<project-name>/ -lfscmr

2.
3.

What is the expected output? What do you see instead?
Expected output am yet to see
Output I see is:
ratproxy version 1.51-beta by <[email protected]>
SYSTEM ERROR : cannot bind to port [listen_loop(), ratproxy.c:1609]
     Message : Address already in use


What version of the product are you using? On what operating system?
ratproxy version 1.51-beta by <[email protected]>
RedHat linux 5


Please provide any additional information below.

I downloaded the ratproxy 5.1 tarball and ran the make function to build 
the ratproxy executable.

Please help.

Original issue reported on code.google.com by [email protected] on 20 Mar 2009 at 2:12

Makefile changes to compile on Solaris 10

Changes needed to Makefile to compile on Solaris10.

23,24c23,25
< CFLAGS         = -Wall -O3 -Wno-pointer-sign -D_GNU_SOURCE
< LDFLAGS  = -lcrypto -lssl

---
> #CFLAGS        = -Wall -O3 -Wno-pointer-sign -D_GNU_SOURCE
> CFLAGS         = -Wall -O3  -D_GNU_SOURCE
> LDFLAGS  = -lcrypto -lssl -lsocket -lnsl
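
Review bot: the new `LDFLAGS` line adds `-lsocket -lnsl` unconditionally and the new `CFLAGS` line drops `-Wno-pointer-sign` for every platform, so applying this as posted changes the build everywhere and breaks linking on systems that have no libsocket, Linux among them. Guard both settings on the platform instead (for example by testing `uname -s` for `SunOS` in the Makefile), and delete the old `CFLAGS` line rather than leaving it behind as a comment.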

You will need GCC.
You must also have openssl built and resolvable via 
ENV variable LD_LIBRARY_PATH 
To compile type in "make CC=gcc"

Original issue reported on code.google.com by [email protected] on 2 Jul 2008 at 7:21

ratproxy.c:1635: error: incompatible type for argument 2 of `waitpid'

I compiled ratproxy using Cygwin following this guideline: 
http://www.butterdev.com/web-security/2008/07/google-ratproxy-web-application-security-audit-tool/
When I ran Make with flag -Wno-pointer-sign removed I got this error
cc ratproxy.c -o ratproxy  -Wall -O3  -D_GNU_SOURCE http.c mime.c ssl.c 
-lcrypto -lssl
ratproxy.c: In function `listen_loop':
ratproxy.c:1635: error: incompatible type for argument 2 of `waitpid'
Makefile:29: recipe for target `ratproxy' failed
make: *** [ratproxy] Error 1

Am I missing any library? 
Thanks


Original issue reported on code.google.com by [email protected] on 15 Feb 2012 at 3:43

ratproxy doesn't intercept on non standard web ports

What steps will reproduce the problem?
1. Start ratproxy, configure browser settings, navigate to target URL:3000. 
2. Target website happens to be running on port 3000.
3. Navigate to same server on default port (80).

What is the expected output? What do you see instead?

Ratproxy doesn't seem to analyze web traffic on non-standard ports (at
least it doesn't on this particular server on port 3000).  Requests to the
server on the standard port (80) seem to be correctly caught.  I can
confirm there are 2 different websites on this machine, and both are
working correctly.

What version of the product are you using? On what operating system?

1.5.1, Ubuntu 8.04, Mac OSX 10.5.4 (happens on both) 

Original issue reported on code.google.com by [email protected] on 22 Jul 2008 at 6:16

Hardcoded web-server ports

What steps will reproduce the problem?
When testing a web server on ports other than the standard ones like 80 and 443, you will see
this warning:
"[!] WARNING: Access to this port denied."


Please provide any additional information below.
The problem is in http.c. You can see the patch below.

diff -u http.c.orig http.c
--- http.c.orig 2009-05-13 23:41:01.000000000 +0400
+++ http.c  2010-03-25 14:09:19.175346738 +0300
@@ -496,8 +496,8 @@
     if (!ret->port || ret->port > 65535) 
       http_error(client,"Illegal port specification",1);

-    if (ret->port < 1024 && ret->port != 80 && ret->port != 443)
-      http_error(client,"Access to this port denied",1);
+/*    if (ret->port < 1024 && ret->port != 80 && ret->port != 443)*/
+      /*http_error(client,"Access to this port denied",1);*/

     *x = 0; 
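
Review bot: commenting out the `ret->port < 1024` test removes the only restriction visible here on which low-numbered ports the proxy will connect to, so every privileged port on any host becomes reachable through it, not just the one web port being tested. Keep the default deny and add a way to permit specific extra ports, for instance a command-line option consulted alongside `ret->port != 80 && ret->port != 443`. If the check really is to be dropped, delete the two lines instead of leaving them in as comments.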

Original issue reported on code.google.com by [email protected] on 25 Mar 2010 at 11:25

make all error

What steps will reproduce the problem?
1. do the following 
2.  make all
cc ratproxy.c -o ratproxy  -Wall -O3 -Wno-pointer-sign -D_GNU_SOURCE 
http.c mime.c ssl.c -lcrypto -lssl
cc1: error: unrecognized command line option "-Wno-pointer-sign"
cc1: error: unrecognized command line option "-Wno-pointer-sign"
cc1: error: unrecognized command line option "-Wno-pointer-sign"
cc1: error: unrecognized command line option "-Wno-pointer-sign"
make: *** [ratproxy] Error 1

3. then modify Makefile by removing  $(CFLAGS) like this:  $(CC) 
$(PROGNAME).c -o $(PROGNAME) http.c mime.c ssl.c $(LDFLAGS), it went 
through.

What is the expected output? What do you see instead?


What version of the product are you using? On what operating system?
Download current version (1.51 beta) 

 cc -v
Reading specs from /usr/lib/gcc/i386-redhat-linux/3.4.6/specs
Configured with: ../configure --prefix=/usr --mandir=/usr/share/man --
infodir=/usr/share/info --enable-shared --enable-threads=posix --disable-
checking --with-system-zlib --enable-__cxa_atexit --disable-libunwind-
exceptions --enable-java-awt=gtk --host=i386-redhat-linux
Thread model: posix
gcc version 3.4.6 20060404 (Red Hat 3.4.6-8.0.1)
Please provide any additional information below.


Original issue reported on code.google.com by [email protected] on 11 Aug 2008 at 9:36

do not set Content-Length of request if it is 0

Some web servers give 400 when the Content-Length of the request is 0.

What steps will reproduce the problem?
1. ./ratproxy -v . -w ./out.log -d lighttpd.net -lfscm
2. visit www.lighttpd.net

What is the expected output? What do you see instead?
expect 200 but get 400 instead

What version of the product are you using? On what operating system?
ratproxy 1.51. Mac OS X 10.5

Original issue reported on code.google.com by [email protected] on 7 Jul 2008 at 3:33


Malformed HTTP request warning/PROGRAM ABORT

What steps will reproduce the problem?
1. Compile ratproxy from source with the -Wno-pointer-sign option removed
from the makefile, as it would refuse to compile on my Centos 4 box
with gcc (GCC) 3.4.6 20060404 (I suppose it works with GCC 4+?)

2. Ran ratproxy with the command line ./ratproxy  -w proxy.log -d <my HTTPS
web application> -P upstreamproxy:port -lrextifscgjmXC
(OK, I might have gone a little overkill with the command line args)


What is the expected output? What do you see instead?
Verbose error messages that are displayed

[!] WARNING: Malformed HTTP response.
776:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown
protocol:s23_clnt.c:475:
PROGRAM ABORT: server SSL handshake failed [ssl_start(), ssl.c:158]



What version of the product are you using? On what operating system?
Latest version from SVN (revision 12) on Centos 4


Please let me know if any additional information is required.



Original issue reported on code.google.com by [email protected] on 8 Jul 2008 at 12:45

Ratproxy build instruction

Hi,
Your documentation for Ratproxy is really weak on describing how to
do a build of the Ratproxy executable for each supported OS. Could you please
provide more details on how to build Ratproxy for Windows (and other OSes):
what changes are needed in the Makefile, what Cygwin library to include, what
Flare is for, etc. For reference please see this link:
http://www.butterdev.com/web-security/2008/07/google-ratproxy-web-application-security-audit-tool/

I hope that you can update Ratproxy documentation accordingly and promptly.
Regards,

SB

Original issue reported on code.google.com by [email protected] on 29 Aug 2008 at 6:33

Testing production servers may be insecure (according to the docs)

The RatproxyDoc wiki page says:

"[T]he proxy is not designed for dealing with rogue and misbehaving HTTP
servers and clients - and offers no guarantees of safe (or sane) behavior
there."

Does that mean that it might allow a malicious server to execute arbitrary
code with the privileges of the user running ratproxy?

If so, that would be unfortunate for people trying to test their production
servers hosted elsewhere, even over SSL. At least if they're using public
wifi. Maintaining a separate machine as a sandbox for running dangerous
tests can be too expensive or cumbersome for some developers.

Could you please clarify what does "safe" mean in the above quotation? Can
it be remote code execution or is it limited to manipulating ratproxy into
performing arbitrary HTTP requests, writing strange things to the logs, etc.?

Some suggestions:

1. Include a warning in the documentation about possible MITM attacks even
when you're testing your own server and mention the possibility of remote
code execution.

2. Verify the server's SSL/TLS certificate in ratproxy. That would remove
the risk when working over HTTPS.

3. I guess hardening ratproxy for use with malicious servers is not an
option for you because it would help the bad guys too much. Or maybe it's
just not worth the effort. But frankly that would be nice for the good
guys, too.

Original issue reported on code.google.com by alexkon on 13 Jan 2009 at 12:41

ratproxy does not fully initialize sockaddr_in before calling bind(2)

What steps will reproduce the problem?
1. Compile ratproxy 1.50-beta on Mac OS X version 10.5.3.
2. Run with ./ratproxy.

What is the expected output? What do you see instead?

  I expect ratproxy to start running on port 8080/tcp.  Instead I get:

    SYSTEM ERROR : cannot bind to port [listen_loop(), ratproxy.c:1610]
         Message : Can't assign requested address

What version of the product are you using? On what operating system?

    ratproxy 1.50-beta; Mac OS X version 10.5.3.

Please provide any additional information below.

 It seems to be an issue of not properly initializing the sockaddr_in
 structure before calling bind(2).  This patch fixes this problem for
 me:

--- ratproxy.c.orig 2008-07-03 11:19:23.000000000 -0700
+++ ratproxy.c  2008-07-03 11:19:29.000000000 -0700
@@ -1594,6 +1594,7 @@
   if (setsockopt(lsock, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(_s32)) == -1) 
     pfatal("cannot setsockopt()");  

+  memset(&saddr, 0, sizeof saddr);
   saddr.sin_family      = AF_INET;

   if (!use_any) {
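
Review bot: the `memset(&saddr, 0, sizeof saddr);` line sits in the right place, ahead of the `saddr.sin_family` assignment, but nothing in the hunk records why it is needed. Add a one-line comment saying that the remaining `sockaddr_in` fields (the padding, and `sin_len` on BSD-derived systems such as Mac OS X) must be zero before `bind()`. The neighbouring `setsockopt()` call passes `sizeof(_s32)` for `&on`; writing `sizeof on` there would match the style of the new line and stay correct if the type of `on` ever changes.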

Original issue reported on code.google.com by [email protected] on 3 Jul 2008 at 6:21

Defunct processes build up.

What steps will reproduce the problem?
1. On debian 4.0, install libssl-dev
2. compile with command: "make". 
3. run with ./ratproxy -w logfile 
4. Open slashdot, click the first link. 

What is the expected output? What do you see instead?

Ratproxy leaves defunct processes around: 

wolff    25401  0.0  0.1   3308   852 pts/68   S+   10:13   0:00 ./ratproxy
-w logfile
wolff    25736  0.0  0.0      0     0 pts/68   Z+   10:25   0:00 [ratproxy]
<defunct>
wolff    25737  0.0  0.0      0     0 pts/68   Z+   10:25   0:00 [ratproxy]
<defunct>
wolff    25738  0.0  0.0      0     0 pts/68   Z+   10:25   0:00 [ratproxy]
<defunct>
wolff    25739  0.0  0.0      0     0 pts/68   Z+   10:25   0:00 [ratproxy]
<defunct>

What version of the product are you using? On what operating system?

1.51, debian 4.0. 


Please provide any additional information below.

I haven't checked further beyond clicking a single link. 

Original issue reported on code.google.com by [email protected] on 4 Jul 2008 at 8:31
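
One common way to keep a fork-per-connection server from accumulating `<defunct>` entries like those listed above is to reap children from a SIGCHLD handler. This is an added example, not ratproxy's own code: `install_reaper`, `serve_and_reap` and `children_left` are hypothetical names, and the forked children merely stand in for connection handlers.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

static volatile sig_atomic_t reaped;

/* SIGCHLD is not queued: one delivery can stand for several exited children,
   so keep calling waitpid() with WNOHANG until nothing is left to collect. */
static void on_sigchld(int sig) {
  int saved_errno = errno;          /* waitpid() may clobber errno */
  (void)sig;
  while (waitpid(-1, NULL, WNOHANG) > 0) reaped++;
  errno = saved_errno;
}

/* Install the handler. SA_RESTART keeps a blocking accept() from failing with
   EINTR; SA_NOCLDSTOP ignores children that are merely stopped. */
int install_reaper(void) {
  struct sigaction sa;
  memset(&sa, 0, sizeof sa);
  sa.sa_handler = on_sigchld;
  sigemptyset(&sa.sa_mask);
  sa.sa_flags = SA_RESTART | SA_NOCLDSTOP;
  return sigaction(SIGCHLD, &sa, NULL);
}

/* Stand-in for the accept loop: fork n workers that exit immediately, then
   give the handler up to about five seconds to collect them.
   Returns the number of children reaped, or -1 on error. */
int serve_and_reap(int n) {
  reaped = 0;
  if (install_reaper() == -1) return -1;
  for (int i = 0; i < n; i++) {
    pid_t pid = fork();
    if (pid == -1) return -1;
    if (pid == 0) _exit(0);         /* child: "handle one connection", exit */
  }
  for (int tries = 0; reaped < n && tries < 500; tries++) {
    struct timespec ts = {0, 10 * 1000 * 1000};   /* 10 ms */
    nanosleep(&ts, NULL);           /* returns early when SIGCHLD arrives */
  }
  return reaped;
}

/* 0 when the process has no children left, running or zombie. */
int children_left(void) {
  return !(waitpid(-1, NULL, WNOHANG) == -1 && errno == ECHILD);
}

int main(void) {
  int n = serve_and_reap(4);
  printf("reaped %d of 4 workers, children left: %d\n", n, children_left());
  return n == 4 ? 0 : 1;
}
```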

ratproxy-report.sh fails when run from any directory other than the ratproxy install dir

ratproxy-report.sh assumes that messages.list is in the current directory. The
attached patch uses dirname to determine where ratproxy-report.sh is installed
& use message.list from that location (presumably at some point it would make
sense to separate the html content into a template which could live in some
share directory along with message.list & other support files)

Original issue reported on code.google.com by [email protected] on 14 Jul 2008 at 6:09


SSL Key File not loaded if ratproxy is not started from the default folder

The MiTM SSL Proxy only works if ratproxy is started from the ratproxy root.

In my setup it was called from a view scripts:
/home/user1/ratproxy is the ratproxy install folder.
/usr/local/bin/myscript.sh calls /home/user1/ratproxy/ratproxy "bla"

On SSL connections this fails:
25386:error:02001002:system library:fopen:No such file or
directory:bss_file.c:352:fopen('keyfile.pem','r')
25386:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:354:
25386:error:140DC002:SSL routines:SSL_CTX_use_certificate_chain_file:system
lib:ssl_rsa.c:720:
PROGRAM ABORT: certificate load failed [ssl_start(), ssl.c:147]


Original issue reported on code.google.com by [email protected] on 7 Jul 2009 at 7:58

Small typo

The description of the "XSRF protection" report section has a small typo
"forgety" instead of forgery.  

===========================================
POST query with no XSRF protection [toggle]

      Parameter-accepting POST requests that lack security tokens. Some
POST requests change application state, and may be vulnerable to cross-site
request forgety attacks.
===========================================

Thanks for a great tool.

Original issue reported on code.google.com by [email protected] on 2 Jul 2008 at 7:23

fwrite not handled properly

ratproxy.c: In function 'save_trace':
ratproxy.c:572: warning: ignoring return value of 'fwrite', declared with
attribute warn_unused_result
ratproxy.c:587: warning: ignoring return value of 'fwrite', declared with
attribute warn_unused_result
ratproxy.c: In function 'decode_flash':
ratproxy.c:615: warning: ignoring return value of 'write', declared with
attribute warn_unused_result
http.c: In function 'send_request':
http.c:1056: warning: ignoring return value of 'fwrite', declared with
attribute warn_unused_result
http.c: In function 'send_response':
http.c:1318: warning: ignoring return value of 'fwrite', declared with
attribute warn_unused_result
+ exit 0
Executing(%install): /bin/sh -e /home/rpmbuild/rpm/tmp/rpm-tmp.98163





I was building and found the following warnings; they are easy to fix with
return-value handling.

Original issue reported on code.google.com by [email protected] on 8 Nov 2008 at 3:38

lot of signedness warnings

This seems to be bad practice: all the signedness warnings, and using
-Wno-pointer-sign to avoid them. It would be great if they were fixed. And
the easiest way to fix them for the time being could be using wrapper
macros around calls to functions with pointer conversion. This is a bad
fix but looking at the number of warnings, it could remove them.

Original issue reported on code.google.com by [email protected] on 8 Nov 2008 at 3:44


error: Input file specified two times

What steps will reproduce the problem?
1. Use ./ratproxy-report.sh submit.txt
2. The report is not generated in valid HTML

What is the expected output? What do you see instead?
Expected output is a valid HTML.  Full report of the HTML is not generated.

What version of the product are you using? On what operating system?
ratproxy version 1.51-beta.  Cygwin.

Please provide any additional information below.
The | delimited file seems to be ok. 

Original issue reported on code.google.com by [email protected] on 12 Nov 2008 at 2:50


Ratproxy announcement links to an outdated download

The announcement in the Google Online Security Blog
(http://googleonlinesecurity.blogspot.com/2008/07/meet-ratproxy-our-passive-web-security.html
— last paragraph) links directly to ratproxy-1.50.tar.gz, which is not the
latest version. That can be confusing for people who find ratproxy via a
web search or by reading the blog. For example, see the comments to issue 5.

You could link to the Downloads page
(http://code.google.com/p/ratproxy/downloads/list) instead.

Original issue reported on code.google.com by alexkon on 12 Jan 2009 at 6:29

Add notifications for redirections with content

When navigating a site, a site can potentially send the headers for a
redirect, but yet display content.  I would like to see ratproxy report on
this, as the information exposed may not be authorized information.

Sample output from a redirect page using Telnet (this page should only be
available to authenticated users):

HTTP/1.1 302 Found
Date: Wed, 17 Sep 2008 18:25:40 GMT
Server: Apache/2.0.55 (Win32)
Status: 302
Set-Cookie: PHPSESSID=fna4oub597j7teu7klg4s3j5u3; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
X-Powered-By: Zend Core/1.5.0 PHP/5.1.6
Location: http://www.google.ca/
Transfer-Encoding: chunked
Content-Type: text/html

42
<html>
<body>
Authenticated content goes here!
</body>
</html>
0

Original issue reported on code.google.com by [email protected] on 17 Sep 2008 at 6:26
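
A check of the kind this issue requests, as an added example (it is not ratproxy's code, which is written in C, and not part of the original report): it parses a raw HTTP response, decodes a chunked body, and flags 3xx responses that still carry visible text. The sample response is constructed after the one in the report; the function names and the `min_text` threshold are assumptions.

```python
import re

REDIRECT_CODES = {301, 302, 303, 307, 308}

def dechunk(data: bytes) -> bytes:
    """Decode a chunked body; stops at the zero-size chunk or on damage."""
    out, pos = bytearray(), 0
    while (eol := data.find(b"\r\n", pos)) >= 0:
        try:  # size is hex; anything after ';' is a chunk extension
            size = int(data[pos:eol].split(b";")[0].strip(), 16)
        except ValueError:
            break
        if size == 0:
            break
        out += data[eol + 2:eol + 2 + size]
        pos = eol + 2 + size + 2  # skip the CRLF that ends the chunk data
    return bytes(out)

def redirect_with_content(raw: bytes, min_text: int = 16):
    """Return a finding dict if a 3xx response carries visible text, else None."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    m = re.match(r"HTTP/\d\.\d (\d{3})", lines[0])
    if not m or int(m.group(1)) not in REDIRECT_CODES:
        return None
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    if "chunked" in headers.get("transfer-encoding", "").lower():
        body = dechunk(body)
    elif headers.get("content-length", "").isdigit():
        body = body[:int(headers["content-length"])]
    # Strip tags and collapse whitespace; min_text is a crude noise threshold.
    text = b" ".join(re.sub(rb"<[^>]*>", b" ", body).split()).decode("iso-8859-1")
    if len(text) < min_text:
        return None
    return {"status": int(m.group(1)), "location": headers.get("location"), "text": text}

# Constructed sample modelled on the response in the report (example.com Location).
BODY = b"<html>\r\n<body>\r\nAuthenticated content goes here!\r\n</body>\r\n</html>"
SAMPLE = (b"HTTP/1.1 302 Found\r\nLocation: http://www.example.com/\r\n"
          b"Transfer-Encoding: chunked\r\nContent-Type: text/html\r\n\r\n"
          + b"%x\r\n" % len(BODY) + BODY + b"\r\n0\r\n\r\n")
CLEAN = b"HTTP/1.1 302 Found\r\nLocation: /login\r\nContent-Length: 0\r\n\r\n"

if __name__ == "__main__":
    for name, raw in (("sample", SAMPLE), ("clean", CLEAN)):
        print(name, redirect_with_content(raw))
```

Stock server redirect pages ("The document has moved here") also contain text, so a production check would need an allowlist for those in addition to the length threshold.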

Rat Proxy fails to build under cygwin.

What steps will reproduce the problem?
1. Run the make command for ratproxy from cygwin

What is the expected output? What do you see instead?

The expected output is for the make file to succeed with no errors.

Instead I see a message saying: "cc1: error: unrecognized command line
option "Wno-pointer-sign"". I get this message 4 times. At the end the
command line says: "make: *** ratproxy Error 1".

What version of the product are you using? On what operating system?

I am using the latest version. I am on Windows Vista SP1, with the Cygwin bash
shell.

Please provide any additional information below.


Original issue reported on code.google.com by [email protected] on 18 Jul 2008 at 2:37

browser proxy on IE7

What steps will reproduce the problem?
1. On host xyz.com run ./ratproxy -v /result -w /result/ratproxy.log -d abc.com -lextifscgjm
ratproxy version 1.51-beta by <[email protected]>
[*] Proxy configured successfully. Have fun, and please do not be evil.
[+] Accepting connections on port 8082/tcp (local only)...
by <[email protected]>
[*] Proxy configured successfully. Have fun, and please do not be evil.
[+] Accepting connections on port 8080/tcp (local only)...

2. Go to another PC and configure the proxy settings in IE7 as follows:
uncheck "Automatically detect settings" and "Use automatic configuration
scripts". Only check "Use a proxy server for your LAN...", put the IP of
xyz.com into the Address area and port 8080 into the Port area. OK.
3. Access a web application as abc.com; no recording happens on ratproxy.

What is the expected output? What do you see instead?


What version of the product are you using? On what operating system?

ratproxy version 1.51-beta by <[email protected]>
[*] Proxy configured successfully. Have fun, and please do not be evil.
[+] Accepting connections on port 8082/tcp (local only)...

Please provide any additional information below.


Original issue reported on code.google.com by [email protected] on 11 Aug 2008 at 9:49

Spelling errors

What steps will reproduce the problem?
1. run aspell on the sources

What is the expected output?
no misspellings :)

What do you see instead?
a couple

What version of the product are you using?
svn tip (rev 12)

On what operating system?
Linux

Original issue reported on code.google.com by [email protected] on 24 Dec 2008 at 11:18


GCC version

Could you please tell me what version of GCC is required for Ratproxy
installation?

I'm receiving the following error and I'm not sure what the issue is
with it.

cc ratproxy.c -o ratproxy  -Wall -O3 -Wno-pointer-sign -D_GNU_SOURCE http.c
mime.c ssl.c -lcrypto -lssl
cc1: error: unrecognized command line option "-Wno-pointer-sign"
cc1: error: unrecognized command line option "-Wno-pointer-sign"
cc1: error: unrecognized command line option "-Wno-pointer-sign"
cc1: error: unrecognized command line option "-Wno-pointer-sign"
make: *** [ratproxy] Error 1


Thank you for your help.
Burhan 

Original issue reported on code.google.com by [email protected] on 15 Jul 2008 at 6:52

memory corruption

Hello,

I'm trying to use RatProxy to test my Web application.

But sometimes RatProxy breaks my requests and there is the following message:

*** glibc detected *** ./ratproxy: malloc(): memory corruption: 0x08ad7490 ***

I use RatProxy on a Debian 5 system.

If anybody can help me...

Thanks,

Thibaut

Original issue reported on code.google.com by [email protected] on 24 Aug 2010 at 2:47

Typo in Makefile

Very minor bug: On line 35 of Makefile, 'binary' is misspelled in a warning
message.

Original issue reported on code.google.com by tabacco on 4 Jul 2008 at 12:30

Need to support NTLM auth

What steps will reproduce the problem?
1. Start ratproxy
2. Attempt to access an NTLM-protected web server: Failure
3. Attempt to access the NTLM-protected web server directly: Success

What is the expected output? What do you see instead?
On success we should see output of normal web application.
On failure we see nothing.

What version of the product are you using? On what operating system?
Ratproxy version: 1.50
OS version: Solaris 10/Sparc
Target web server: IIS6




Original issue reported on code.google.com by [email protected] on 2 Jul 2008 at 7:27
