July 7, 2008
Recently, I have been studying web application security and some of my research led me to Ratproxy. Ratproxy is a web application security audit tool recently released by Google. In this post I will show you how to install Ratproxy in a Windows environment.
What you will need:
- To run Ratproxy in a Windows environment you will need Cygwin (http://www.cygwin.com/).
- The current Ratproxy release — http://code.google.com/p/ratproxy/.
From the Cygwin home page (http://www.cygwin.com/):
- Select the “Install or update now!” link to download the Cygwin setup.
- When the download is complete run setup.exe.
- Select “Install from Internet” > Next.
- The next few screens are self-explanatory. You will choose your installation directory (the default is fine) and a few other options (all of the default options should be fine).
- After you choose a mirror the download will begin. After the download is complete you will be presented with a screen prompting you to select the packages you would like to install. VERY IMPORTANT: There are a few utilities required to build Ratproxy that are not installed by default by the Cygwin installer.
  - make – Located in ‘Devel’.
  - gcc-core – Also located in ‘Devel’.
  - openssl-devel – Also located in ‘Devel’.
  - openssl (The OpenSSL runtime environment) – Located in ‘Libs’ or ‘Net’.
The preceding four packages must be installed or you will not be able to build or run Ratproxy. Make sure they are not being skipped (there should be an X in the box next to each item).
Once Cygwin is installed with all of the required packages you are ready to build Ratproxy.
- Unzip Ratproxy into your Cygwin directory (c:\cygwin).
- Modify the Makefile packaged with Ratproxy – The Ratproxy Makefile contains a flag that is not compatible with the compiler installed with Cygwin. This can be fixed by making a small modification to the Makefile.
  - Open Makefile (located at the root of your Ratproxy install).
  - Look for this line: CFLAGS = -Wall -O3 -Wno-pointer-sign -D_GNU_SOURCE
  - Remove -Wno-pointer-sign
- Flare-dist – Now you need to download the Flare ActionScript decompiler for Windows. From the Ratproxy root open the flare-dist directory. Directions for downloading the Flare ActionScript decompiler are in the README file. Download the distribution at http://www.nowrap.de/download/flare06doswin.zip. Then unzip the file into Ratproxy/flare-dist. You should now have a file called flare.exe (remove the file that was distributed with Ratproxy, named flare with no extension).
- Make Ratproxy – Now we are ready to make Ratproxy.
  - Open your Cygwin bash shell (by selecting your Cygwin shortcut or by running Cygwin.bat).
  - Navigate into the Ratproxy directory – At the command prompt enter ‘cd /ratproxy’ (remember we saved Ratproxy at our Cygwin root).
  - Run make – At the command prompt enter ‘make’
After the Makefile edit described above, the affected portions of the Makefile should look like this:

    PROGNAME = ratproxy
    CFLAGS = -Wall -O3 -D_GNU_SOURCE
    LDFLAGS = -lcrypto -lssl
The ‘make’ command should run and complete successfully. You will be left with a compiled ratproxy.exe in your Ratproxy directory. Important: In order to run Ratproxy you will need to make sure the Cygwin/bin directory is in your Windows path (else the exe will blow up when you run it).
To add the Cygwin libraries to your Windows path (in Vista):
- Right-click the ‘My Computer’ icon and select ‘Properties’.
- Select ‘Advanced system settings’ and then select the ‘Environment Variables’ button.
- Find the ‘Path’ variable under ‘System variables’ and select the ‘Edit’ button.
- Append ;C:\Cygwin\bin to the ‘Variable value’.
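
The Makefile edit and build steps above can also be run as one script from the Cygwin bash shell. This is an added example, not part of the original post or the Ratproxy distribution; it assumes Ratproxy was unzipped to /ratproxy and that openssl-devel places its headers under /usr/include/openssl, and the function names are hypothetical.

```shell
#!/bin/bash
# Added example: preflight checks and Makefile patch for building Ratproxy
# under Cygwin. Usage: bash build-ratproxy.sh build [ratproxy-dir]

# Print each required build tool (make, gcc-core, openssl) missing from PATH.
missing_tools() {
    local tool
    for tool in make gcc openssl; do
        command -v "$tool" >/dev/null 2>&1 || echo "$tool"
    done
}

# Remove -Wno-pointer-sign from the CFLAGS line only, keeping Makefile.orig
# as a backup. Safe to run twice. Returns 0 when the flag is gone.
patch_makefile() {
    local mk="$1"
    [ -f "$mk" ] || { echo "no Makefile at $mk" >&2; return 1; }
    if grep -q '^CFLAGS.*-Wno-pointer-sign' "$mk"; then
        cp -p "$mk" "$mk.orig" || return 1
        sed '/^CFLAGS/ s/[[:space:]]*-Wno-pointer-sign//' "$mk.orig" > "$mk" || return 1
    fi
    ! grep -q -- '-Wno-pointer-sign' "$mk"
}

# Check prerequisites, patch the Makefile, then build.
build_ratproxy() {
    local dir="${1:-/ratproxy}" missing
    missing="$(missing_tools)"
    [ -z "$missing" ] || { echo "select in Cygwin setup: $missing" >&2; return 1; }
    # Assumed header location for the openssl-devel package.
    [ -f /usr/include/openssl/ssl.h ] || { echo "openssl-devel headers not found" >&2; return 1; }
    # flare.exe is the Windows decompiler unzipped into flare-dist.
    [ -f "$dir/flare-dist/flare.exe" ] || echo "warning: $dir/flare-dist/flare.exe not found" >&2
    patch_makefile "$dir/Makefile" || return 1
    make -C "$dir" && [ -f "$dir/ratproxy.exe" ]
}

# Only build when asked to, so the functions can be sourced and reused.
if [ "${1:-}" = "build" ]; then
    build_ratproxy "${2:-/ratproxy}"
fi
```
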