Home > Security Tools, Tutorial, Web Application > Using RatProxy in Windows (Updated)

Using RatProxy in Windows (Updated)

These instructions are largely copied from a post by SecureIdeas, but there were enough issues that I had to work through that I thought I’d post what was successful for me.   Using these instructions I was able to successfully install ratproxy on Windows XP SP3 and Windows 7 SP1, both 32-bit systems running in VMware Workstation.

Install Cygwin

  1. Download the Cygwin installer from http://www.cygwin.com.
  2. Run the Setup.exe installer.
  3. Follow the on screen prompts, using the default is fine, until the Utilities screen appears.  Select the following packages:
    1. Select make from the devel package.
    2. Select gcc-core from the devel package.
    3. Search for “openssl” and select the following from the net package.
      • openssl-devel
      • libopenssl
      • openssl
  4. Complete the installation.  This may take some time as it downloads all of the packages needed.

Install ratproxy

  1. Download the package from http://code.google.com/p/ratproxy/.
  2. Unzip the downloaded ratproxy distribution file into the Cygwin directory.  If cygwin was installed to C:\cygwin then ratproxy should be unzipped to C:\cygwin\ratproxy. 
  3. Update Flare (used to decompile flash objects):
    1. For the latest instructions open the readme file in the \ratproxy\flare-dist directory.
    2. Open the URL for the Windows distribution and save the file.
    3. Unzip the file into the \ratproxy\flare-dist directory.
  4. Open a Cygwin bash by double-clicking the C:\cygwin\Cygwin.bat file.
  5. Navigate to the ratproxy directory.  If installed at C:\cygwin\ratproxy, type cd ../../ratproxy and press enter.
  6. Type make and press enter.
    1. If you receive an error that looks like this: “ratproxy.c:1635: error: incompatible type for argument 2 of ‘waitpid'” the ratproxy.c file needs to be modified.
    2. Open ratproxy.c and modify line 1635 “while (waitpid(-1,&x,WNOHANG) > 0);” to be “while (waitpid(-1,(int*)&x,WNOHANG) > 0);“.
    3. run the make command again. This should run successfully.
  7. Add cygwin to your path.
    1. Right-click “My Computer” and select “Properties”.
    2. Select “Advanced system settings” and then select “Environmental Variables”.
    3. Find the “Path” variable under “System Variables” and edit it.
    4. Add “;C:\Cygwin” (without the quotes) to the end of the “Variable Value”.

Before actually running ratproxy (after following the instructions on installing it), make sure that the following .dll files are in the ratproxy directory:

  • cygcrypto-1.0.0.dll (if that’s the version of OpenSSL you installed)
  • cyggcc_s-1.dll
  • cygssl-1.0.0.dll
  • cygwin1.dll
  • cygz.dll

Simplify Running ratproxy

Also, I highly recommend using a batch file to simplify running the proxy, so you don’t have to remember which flags you like to use (just know that the batch file has to be located in the ratproxy directory, if you want it elsewhere, just create a shortcut).

Sample .bat file running RatProxy through Burp listening on 8080 (browser proxy points to RatProxy on 8081):

@echo off

rem default values
set logfilename=""
set domain=""

rem set base log file name and target domain
:setfilename
 set /p logfilename=Enter base log file name: 
 if %logfilename%=="" goto setfilename
 
:setDomain
 set /p domain=Enter target domain (www.domain.com): 
 if %domain%=="" goto setDomain

rem Run ratproxy
start "" "C:\cygwin\ratproxy\ratproxy.exe" ^
-w /cygdrive/c/temp/rp-logs/%logfilename%.log ^
-v /cygdrive/c/temp/rp-traces -d %domain% -p 8081 ^
-P 127.0.0.1:8080 -lextifscgjm
Advertisements
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: