websecuritytool Releases Rss Feed

Updated Release: Watcher v1.5.7 (Mar 28, 2013)

chrisweber — Thu, 28 Mar 2013 18:55:42 GMT

Watcher.zip contains the two DLL's for manual installation of the plugin - drop them in your Fiddler2\Scripts user or program files folder.
WatcherSetup.exe is an installer built with NSIS that will copy the two DLL's into either your Fiddler2\Scripts user or program files folder.
WatcherTFS.zip contains the Team Foundation Server (TFS) component which Watcher uses to export results to TFS. Installation and further instructions are included in the ZIP file.

CHANGELOG
Program Watcher Passive Web Security Tool for Fiddler
Version 1.5.7
Release 28-March-2013
License Custom Open Source
Authors Chris Weber
Testers Chris Weber
Contact chris@casaba.com
Website http://websecuritytool.codeplex.com/
Company http://www.casaba.com/
Copyright (c) 2010 - 2013 Casaba Security, LLC. All Rights Reserved.

{"
+++ major new feature
+ minor new feature
* changed feature
% improved performance or quality
! fixed minor bug
!!! fixed major bug

v1.5.7 2013-03-28
!!! Bug fix in check for custom-defined regex patterns

v1.5.6 2013-01-08
+ New check allows for custom-defined regex patterns
% Minor bugfixes

v1.5.4 2011-10-01
+ New check for internal IP address disclosure
% Watcher now defaults to automatically checking for updates at start

v1.5.3 2011-07-31
! Bug fixes
% X-Frame-Options check now checks every page, unique to path, ignoring query.

v1.5.2 2011-05-21
+ New check for HTTP Strict-Transport-Security header on SSL sites
+ Added free-form text filter to Results display

v1.5.1 - 2011-02-21
% Moving checks to Majestic12 HtmlParser to overcome some bottlenecks.
% Deprecating some Utility.cs functions.
! Fixing various minor bugs.

v1.5.0 - 2010-11-17
+++ Added a button to process sessions offline. Now a user can load a .SAZ (session archive) file and process the data offline in Fiddler/Watcher.
% Fixed the ProgressDialog control to move incrementally.

v1.4.1 - 2010-11-09
* Exporting results now includes all results rather than just those selected.
* XML report now includes metadata about Watcher version and configuration.
% Check for 'Charset not UTF-8' improvements.

v1.4.0 - 2010-04-24
Attempts have been made at noise-reduction, see below.
Wiki has been updated with more check descriptions, all linked to from inside Watcher.
+++ Check descriptions all improved and updated with recommendations and external references.
+ New check for javascript document.domain lowering.
* IMPORTANT: All cookie checks now perform noise filtering by default, with no option to change.
* New installations now come with a few noisy checks disabled by default.
* New installations now come with some check configs enabled by default to reduce noise.
! Fixed bug in loosely scoped domain where it wasn't defaulting to origin when one's not specified.
! Fixed bug where check configurations weren't saving.
! Assorted bug fixes.

v1.3.0 - 2010-02-25
+++ .NET Framework 3.5 is now required.
+++ Optional plugin (separate download) to export results to Team Foundation Server (TFS).
+ New (BETA) check for ASP.NET VIEWSTATE tampering vulnerability. (thanks to Bryan Sullivan for suggestions)
+ New (BETA) check for JavaServer Faces ViewState tampering vulnerability. (thanks to David Byrne for ideas)
+ New check for Silverlight EnableHtmlAccess.
+ Export results to HTML report.
+ If no origin domain is specified, each response domain will be treated as the origin, enabling better cross-domain analysis.
+ Added compliance mappings for Microsoft SDL.
! Assorted bug fixes throughout check library.

v1.2.2 - 2009-07-24
+ User-Agent now sends version information during update check for tracking purposes.
+ Added Windows 7 support to installer.
! Fixed the configuration page so checking and unchecking immediately affect what checks are run on a request.
! Checks that maintain URL caches weren't clearing when the results list was cleared.
* Changed the 'Charset not UTF-

Released: Watcher v1.5.7 (Mar 28, 2013)

Thu, 28 Mar 2013 18:55:42 GMT

Updated Release: Watcher v1.5.7 (Mar 28, 2013)

chrisweber — Thu, 28 Mar 2013 18:52:20 GMT

Updated Release: Watcher v1.5.6 (Jan 08, 2013)

chrisweber — Wed, 09 Jan 2013 00:48:47 GMT

Watcher.zip contains the two DLL's for manual installation of the plugin - drop them in your Fiddler2\Scripts user or program files folder.
WatcherSetup.exe is an installer built with NSIS that will copy the two DLL's into either your Fiddler2\Scripts user or program files folder.
WatcherTFS.zip contains the Team Foundation Server (TFS) component which Watcher uses to export results to TFS. Installation and further instructions are included in the ZIP file.

CHANGELOG
Program Watcher Passive Web Security Tool for Fiddler
Version 1.5.6
Release 08-January-2013
License Custom Open Source
Authors Chris Weber
Testers Chris Weber
Contact chris@casaba.com
Website http://websecuritytool.codeplex.com/
Company http://www.casaba.com/
Copyright (c) 2010 - 2013 Casaba Security, LLC. All Rights Reserved.

{"
+++ major new feature
+ minor new feature
* changed feature
% improved performance or quality
! fixed minor bug
!!! fixed major bug

v1.5.6 2013-01-08
+ New check allows for custom-defined regex patterns
% Minor bugfixes

v1.5.4 2011-10-01
+ New check for internal IP address disclosure
% Watcher now defaults to automatically checking for updates at start

v1.5.3 2011-07-31
! Bug fixes
% X-Frame-Options check now checks every page, unique to path, ignoring query.

v1.5.2 2011-05-21
+ New check for HTTP Strict-Transport-Security header on SSL sites
+ Added free-form text filter to Results display

v1.5.1 - 2011-02-21
% Moving checks to Majestic12 HtmlParser to overcome some bottlenecks.
% Deprecating some Utility.cs functions.
! Fixing various minor bugs.

v1.5.0 - 2010-11-17
+++ Added a button to process sessions offline. Now a user can load a .SAZ (session archive) file and process the data offline in Fiddler/Watcher.
% Fixed the ProgressDialog control to move incrementally.

v1.4.1 - 2010-11-09
* Exporting results now includes all results rather than just those selected.
* XML report now includes metadata about Watcher version and configuration.
% Check for 'Charset not UTF-8' improvements.

v1.4.0 - 2010-04-24
Attempts have been made at noise-reduction, see below.
Wiki has been updated with more check descriptions, all linked to from inside Watcher.
+++ Check descriptions all improved and updated with recommendations and external references.
+ New check for javascript document.domain lowering.
* IMPORTANT: All cookie checks now perform noise filtering by default, with no option to change.
* New installations now come with a few noisy checks disabled by default.
* New installations now come with some check configs enabled by default to reduce noise.
! Fixed bug in loosely scoped domain where it wasn't defaulting to origin when one's not specified.
! Fixed bug where check configurations weren't saving.
! Assorted bug fixes.

v1.3.0 - 2010-02-25
+++ .NET Framework 3.5 is now required.
+++ Optional plugin (separate download) to export results to Team Foundation Server (TFS).
+ New (BETA) check for ASP.NET VIEWSTATE tampering vulnerability. (thanks to Bryan Sullivan for suggestions)
+ New (BETA) check for JavaServer Faces ViewState tampering vulnerability. (thanks to David Byrne for ideas)
+ New check for Silverlight EnableHtmlAccess.
+ Export results to HTML report.
+ If no origin domain is specified, each response domain will be treated as the origin, enabling better cross-domain analysis.
+ Added compliance mappings for Microsoft SDL.
! Assorted bug fixes throughout check library.

v1.2.2 - 2009-07-24
+ User-Agent now sends version information during update check for tracking purposes.
+ Added Windows 7 support to installer.
! Fixed the configuration page so checking and unchecking immediately affect what checks are run on a request.
! Checks that maintain URL caches weren't clearing when the results list was cleared.
* Changed the 'Charset not UTF-

Released: Watcher v1.5.6 (Jan 08, 2013)

Wed, 09 Jan 2013 00:48:47 GMT

Watcher.zip contains the two DLL's for manual installation of the plugin - drop them in your Fiddler2\Scripts user or program files folder.
WatcherSetup.exe is an installer built with NSIS that will copy the two DLL's into either your Fiddler2\Scripts user or program files folder.
WatcherTFS.zip contains the Team Foundation Server (TFS) component which Watcher uses to export results to TFS. Installation and further instructions are included in the ZIP file.

CHANGELOG
Program Watcher Passive Web Security Tool for Fiddler
Version 1.5.6
Release 08-January-2013
License Custom Open Source
Authors Chris Weber
Testers Chris Weber
Contact chris@casaba.com
Website http://websecuritytool.codeplex.com/
Company http://www.casaba.com/
Copyright (c) 2010 - 2013 Casaba Security, LLC. All Rights Reserved.

{"
+++ major new feature
+ minor new feature
* changed feature
% improved performance or quality
! fixed minor bug
!!! fixed major bug

v1.5.6 2013-01-08
+ New check allows for custom-defined regex patterns
% Minor bugfixes

v1.5.4 2011-10-01
+ New check for internal IP address disclosure
% Watcher now defaults to automatically checking for updates at start

v1.5.3 2011-07-31
! Bug fixes
% X-Frame-Options check now checks every page, unique to path, ignoring query.

v1.5.2 2011-05-21
+ New check for HTTP Strict-Transport-Security header on SSL sites
+ Added free-form text filter to Results display

v1.5.1 - 2011-02-21
% Moving checks to Majestic12 HtmlParser to overcome some bottlenecks.
% Deprecating some Utility.cs functions.
! Fixing various minor bugs.

v1.5.0 - 2010-11-17
+++ Added a button to process sessions offline. Now a user can load a .SAZ (session archive) file and process the data offline in Fiddler/Watcher.
% Fixed the ProgressDialog control to move incrementally.

v1.4.1 - 2010-11-09
* Exporting results now includes all results rather than just those selected.
* XML report now includes metadata about Watcher version and configuration.
% Check for 'Charset not UTF-8' improvements.

v1.4.0 - 2010-04-24
Attempts have been made at noise-reduction, see below.
Wiki has been updated with more check descriptions, all linked to from inside Watcher.
+++ Check descriptions all improved and updated with recommendations and external references.
+ New check for javascript document.domain lowering.
* IMPORTANT: All cookie checks now perform noise filtering by default, with no option to change.
* New installations now come with a few noisy checks disabled by default.
* New installations now come with some check configs enabled by default to reduce noise.
! Fixed bug in loosely scoped domain where it wasn't defaulting to origin when one's not specified.
! Fixed bug where check configurations weren't saving.
! Assorted bug fixes.

v1.3.0 - 2010-02-25
+++ .NET Framework 3.5 is now required.
+++ Optional plugin (separate download) to export results to Team Foundation Server (TFS).
+ New (BETA) check for ASP.NET VIEWSTATE tampering vulnerability. (thanks to Bryan Sullivan for suggestions)
+ New (BETA) check for JavaServer Faces ViewState tampering vulnerability. (thanks to David Byrne for ideas)
+ New check for Silverlight EnableHtmlAccess.
+ Export results to HTML report.
+ If no origin domain is specified, each response domain will be treated as the origin, enabling better cross-domain analysis.
+ Added compliance mappings for Microsoft SDL.
! Assorted bug fixes throughout check library.

v1.2.2 - 2009-07-24
+ User-Agent now sends version information during update check for tracking purposes.
+ Added Windows 7 support to installer.
! Fixed the configuration page so checking and unchecking immediately affect what checks are run on a request.
! Checks that maintain URL caches weren't clearing when the results list was cleared.
* Changed the 'Charset not UTF-

Updated Release: Watcher v1.5.5 (Jan 08, 2013)

chrisweber — Wed, 09 Jan 2013 00:21:32 GMT

Watcher.zip contains the two DLL's for manual installation of the plugin - drop them in your Fiddler2\Scripts user or program files folder.
WatcherSetup.exe is an installer built with NSIS that will copy the two DLL's into either your Fiddler2\Scripts user or program files folder.
WatcherTFS.zip contains the Team Foundation Server (TFS) component which Watcher uses to export results to TFS. Installation and further instructions are included in the ZIP file.

CHANGELOG
Program Watcher Passive Web Security Tool for Fiddler
Version 1.5.5
Release 08-January-2013
License Custom Open Source
Authors Chris Weber
Testers Chris Weber
Contact chris@casaba.com
Website http://websecuritytool.codeplex.com/
Company http://www.casaba.com/
Copyright (c) 2010 - 2013 Casaba Security, LLC. All Rights Reserved.

{"
+++ major new feature
+ minor new feature
* changed feature
% improved performance or quality
! fixed minor bug
!!! fixed major bug

v1.5.5 2013-01-08
+ New check allows for custom-defined regex patterns
% Minor bugfixes

v1.5.4 2011-10-01
+ New check for internal IP address disclosure
% Watcher now defaults to automatically checking for updates at start

v1.5.3 2011-07-31
! Bug fixes
% X-Frame-Options check now checks every page, unique to path, ignoring query.

v1.5.2 2011-05-21
+ New check for HTTP Strict-Transport-Security header on SSL sites
+ Added free-form text filter to Results display

v1.5.1 - 2011-02-21
% Moving checks to Majestic12 HtmlParser to overcome some bottlenecks.
% Deprecating some Utility.cs functions.
! Fixing various minor bugs.

v1.5.0 - 2010-11-17
+++ Added a button to process sessions offline. Now a user can load a .SAZ (session archive) file and process the data offline in Fiddler/Watcher.
% Fixed the ProgressDialog control to move incrementally.

v1.4.1 - 2010-11-09
* Exporting results now includes all results rather than just those selected.
* XML report now includes metadata about Watcher version and configuration.
% Check for 'Charset not UTF-8' improvements.

v1.4.0 - 2010-04-24
Attempts have been made at noise-reduction, see below.
Wiki has been updated with more check descriptions, all linked to from inside Watcher.
+++ Check descriptions all improved and updated with recommendations and external references.
+ New check for javascript document.domain lowering.
* IMPORTANT: All cookie checks now perform noise filtering by default, with no option to change.
* New installations now come with a few noisy checks disabled by default.
* New installations now come with some check configs enabled by default to reduce noise.
! Fixed bug in loosely scoped domain where it wasn't defaulting to origin when one's not specified.
! Fixed bug where check configurations weren't saving.
! Assorted bug fixes.

v1.3.0 - 2010-02-25
+++ .NET Framework 3.5 is now required.
+++ Optional plugin (separate download) to export results to Team Foundation Server (TFS).
+ New (BETA) check for ASP.NET VIEWSTATE tampering vulnerability. (thanks to Bryan Sullivan for suggestions)
+ New (BETA) check for JavaServer Faces ViewState tampering vulnerability. (thanks to David Byrne for ideas)
+ New check for Silverlight EnableHtmlAccess.
+ Export results to HTML report.
+ If no origin domain is specified, each response domain will be treated as the origin, enabling better cross-domain analysis.
+ Added compliance mappings for Microsoft SDL.
! Assorted bug fixes throughout check library.

v1.2.2 - 2009-07-24
+ User-Agent now sends version information during update check for tracking purposes.
+ Added Windows 7 support to installer.
! Fixed the configuration page so checking and unchecking immediately affect what checks are run on a request.
! Checks that maintain URL caches weren't clearing when the results list was cleared.
* Changed the 'Charset not UTF-

Updated Release: Watcher v1.5.4 (Oct 01, 2011)

chrisweber — Sat, 01 Oct 2011 20:33:55 GMT

Watcher.zip contains the two DLL's for manual installation of the plugin - drop them in your Fiddler2\Scripts user or program files folder.
WatcherSetup.exe is an installer built with NSIS that will copy the two DLL's into either your Fiddler2\Scripts user or program files folder.
WatcherTFS.zip contains the Team Foundation Server (TFS) component which Watcher uses to export results to TFS. Installation and further instructions are included in the ZIP file.

CHANGELOG

{"
+++ major new feature
+ minor new feature
* changed feature
% improved performance or quality
! fixed minor bug
!!! fixed major bug

v1.5.4 2011-10-01
+ New check for internal IP address disclosure
% Watcher now defaults to automatically checking for updates at start

v1.5.3 2011-07-31
! Bug fixes
% X-Frame-Options check now checks every page, unique to path, ignoring query.

v1.5.2 2011-05-21
+ New check for HTTP Strict-Transport-Security header on SSL sites
+ Added free-form text filter to Results display

v1.5.1 - 2011-02-21
% Moving checks to Majestic12 HtmlParser to overcome some bottlenecks.
% Deprecating some Utility.cs functions.
! Fixing various minor bugs.

v1.5.0 - 2010-11-17
+++ Added a button to process sessions offline. Now a user can load a .SAZ (session archive) file and process the data offline in Fiddler/Watcher.
% Fixed the ProgressDialog control to move incrementally.

v1.4.1 - 2010-11-09
* Exporting results now includes all results rather than just those selected.
* XML report now includes metadata about Watcher version and configuration.
% Check for 'Charset not UTF-8' improvements.

v1.4.0 - 2010-04-24
Attempts have been made at noise-reduction, see below.
Wiki has been updated with more check descriptions, all linked to from inside Watcher.
+++ Check descriptions all improved and updated with recommendations and external references.
+ New check for javascript document.domain lowering.
* IMPORTANT: All cookie checks now perform noise filtering by default, with no option to change.
* New installations now come with a few noisy checks disabled by default.
* New installations now come with some check configs enabled by default to reduce noise.
! Fixed bug in loosely scoped domain where it wasn't defaulting to origin when one's not specified.
! Fixed bug where check configurations weren't saving.
! Assorted bug fixes.

v1.3.0 - 2010-02-25
+++ .NET Framework 3.5 is now required.
+++ Optional plugin (separate download) to export results to Team Foundation Server (TFS).
+ New (BETA) check for ASP.NET VIEWSTATE tampering vulnerability. (thanks to Bryan Sullivan for suggestions)
+ New (BETA) check for JavaServer Faces ViewState tampering vulnerability. (thanks to David Byrne for ideas)
+ New check for Silverlight EnableHtmlAccess.
+ Export results to HTML report.
+ If no origin domain is specified, each response domain will be treated as the origin, enabling better cross-domain analysis.
+ Added compliance mappings for Microsoft SDL.
! Assorted bug fixes throughout check library.

v1.2.2 - 2009-07-24
+ User-Agent now sends version information during update check for tracking purposes.
+ Added Windows 7 support to installer.
! Fixed the configuration page so checking and unchecking immediately affect what checks are run on a request.
! Checks that maintain URL caches weren't clearing when the results list was cleared.
* Changed the 'Charset not UTF-8' check to ignore a missing meta tag charset when Content-Type header is defined (thanks Dave Wichers for reporting)
* Moved the check configuration to a tab of its own.
% Updates to the UI look and feel.
% Moved check configurations to their own page in UI.

v1.2.1 - 2009-07-12
!!! Fixed issue where response payloads greater than 200K caused the entire
session to be ignored.

Released: Watcher v1.5.4 (Oct 01, 2011)

Sat, 01 Oct 2011 20:33:55 GMT

Watcher.zip contains the two DLL's for manual installation of the plugin - drop them in your Fiddler2\Scripts user or program files folder.
WatcherSetup.exe is an installer built with NSIS that will copy the two DLL's into either your Fiddler2\Scripts user or program files folder.
WatcherTFS.zip contains the Team Foundation Server (TFS) component which Watcher uses to export results to TFS. Installation and further instructions are included in the ZIP file.

CHANGELOG

{"
+++ major new feature
+ minor new feature
* changed feature
% improved performance or quality
! fixed minor bug
!!! fixed major bug

v1.5.4 2011-10-01
+ New check for internal IP address disclosure
% Watcher now defaults to automatically checking for updates at start

v1.5.3 2011-07-31
! Bug fixes
% X-Frame-Options check now checks every page, unique to path, ignoring query.

v1.5.2 2011-05-21
+ New check for HTTP Strict-Transport-Security header on SSL sites
+ Added free-form text filter to Results display

v1.5.1 - 2011-02-21
% Moving checks to Majestic12 HtmlParser to overcome some bottlenecks.
% Deprecating some Utility.cs functions.
! Fixing various minor bugs.

v1.5.0 - 2010-11-17
+++ Added a button to process sessions offline. Now a user can load a .SAZ (session archive) file and process the data offline in Fiddler/Watcher.
% Fixed the ProgressDialog control to move incrementally.

v1.4.1 - 2010-11-09
* Exporting results now includes all results rather than just those selected.
* XML report now includes metadata about Watcher version and configuration.
% Check for 'Charset not UTF-8' improvements.

v1.4.0 - 2010-04-24
Attempts have been made at noise-reduction, see below.
Wiki has been updated with more check descriptions, all linked to from inside Watcher.
+++ Check descriptions all improved and updated with recommendations and external references.
+ New check for javascript document.domain lowering.
* IMPORTANT: All cookie checks now perform noise filtering by default, with no option to change.
* New installations now come with a few noisy checks disabled by default.
* New installations now come with some check configs enabled by default to reduce noise.
! Fixed bug in loosely scoped domain where it wasn't defaulting to origin when one's not specified.
! Fixed bug where check configurations weren't saving.
! Assorted bug fixes.

v1.3.0 - 2010-02-25
+++ .NET Framework 3.5 is now required.
+++ Optional plugin (separate download) to export results to Team Foundation Server (TFS).
+ New (BETA) check for ASP.NET VIEWSTATE tampering vulnerability. (thanks to Bryan Sullivan for suggestions)
+ New (BETA) check for JavaServer Faces ViewState tampering vulnerability. (thanks to David Byrne for ideas)
+ New check for Silverlight EnableHtmlAccess.
+ Export results to HTML report.
+ If no origin domain is specified, each response domain will be treated as the origin, enabling better cross-domain analysis.
+ Added compliance mappings for Microsoft SDL.
! Assorted bug fixes throughout check library.

v1.2.2 - 2009-07-24
+ User-Agent now sends version information during update check for tracking purposes.
+ Added Windows 7 support to installer.
! Fixed the configuration page so checking and unchecking immediately affect what checks are run on a request.
! Checks that maintain URL caches weren't clearing when the results list was cleared.
* Changed the 'Charset not UTF-8' check to ignore a missing meta tag charset when Content-Type header is defined (thanks Dave Wichers for reporting)
* Moved the check configuration to a tab of its own.
% Updates to the UI look and feel.
% Moved check configurations to their own page in UI.

v1.2.1 - 2009-07-12
!!! Fixed issue where response payloads greater than 200K caused the entire
session to be ignored.

Updated Release: Watcher v1.5.3 (Jul 31, 2011)

chrisweber — Mon, 01 Aug 2011 02:49:03 GMT

Release, v1.5.3

Watcher.zip contains the two DLL's for manual installation of the plugin - drop them in your Fiddler2\Scripts user or program files folder.

WatcherSetup.exe is an installer built with NSIS that will copy the two DLL's into either your Fiddler2\Scripts user or program files folder.

WatcherTFS.zip contains the Team Foundation Server (TFS) component which Watcher uses to export results to TFS. Installation and further instructions are included in the ZIP file.

CHANGELOG

{"
+++ major new feature
+ minor new feature
* changed feature
% improved performance or quality
! fixed minor bug
!!! fixed major bug

v1.5.3 2011-07-31
! Bug fixes
% X-Frame-Options check now checks every page, unique to path, ignoring query.

v1.5.2 2011-05-21
+ New check for HTTP Strict-Transport-Security header on SSL sites
+ Added free-form text filter to Results display

v1.5.1 - 2011-02-21
% Moving checks to Majestic12 HtmlParser to overcome some bottlenecks.
% Deprecating some Utility.cs functions.
! Fixing various minor bugs.

v1.5.0 - 2010-11-17
+++ Added a button to process sessions offline. Now a user can load a .SAZ (session archive) file and process the data offline in Fiddler/Watcher.
% Fixed the ProgressDialog control to move incrementally.

v1.4.1 - 2010-11-09
* Exporting results now includes all results rather than just those selected.
* XML report now includes metadata about Watcher version and configuration.
% Check for 'Charset not UTF-8' improvements.

v1.4.0 - 2010-04-24
Attempts have been made at noise-reduction, see below.
Wiki has been updated with more check descriptions, all linked to from inside Watcher.
+++ Check descriptions all improved and updated with recommendations and external references.
+ New check for javascript document.domain lowering.
* IMPORTANT: All cookie checks now perform noise filtering by default, with no option to change.
* New installations now come with a few noisy checks disabled by default.
* New installations now come with some check configs enabled by default to reduce noise.
! Fixed bug in loosely scoped domain where it wasn't defaulting to origin when one's not specified.
! Fixed bug where check configurations weren't saving.
! Assorted bug fixes.

v1.3.0 - 2010-02-25
+++ .NET Framework 3.5 is now required.
+++ Optional plugin (separate download) to export results to Team Foundation Server (TFS).
+ New (BETA) check for ASP.NET VIEWSTATE tampering vulnerability. (thanks to Bryan Sullivan for suggestions)
+ New (BETA) check for JavaServer Faces ViewState tampering vulnerability. (thanks to David Byrne for ideas)
+ New check for Silverlight EnableHtmlAccess.
+ Export results to HTML report.
+ If no origin domain is specified, each response domain will be treated as the origin, enabling better cross-domain analysis.
+ Added compliance mappings for Microsoft SDL.
! Assorted bug fixes throughout check library.

v1.2.2 - 2009-07-24
+ User-Agent now sends version information during update check for tracking purposes.
+ Added Windows 7 support to installer.
! Fixed the configuration page so checking and unchecking immediately affect what checks are run on a request.
! Checks that maintain URL caches weren't clearing when the results list was cleared.
* Changed the 'Charset not UTF-8' check to ignore a missing meta tag charset when Content-Type header is defined (thanks Dave Wichers for reporting)
* Moved the check configuration to a tab of its own.
% Updates to the UI look and feel.
% Moved check configurations to their own page in UI.

v1.2.1 - 2009-07-12
!!! Fixed issue where response payloads greater than 200K caused the entire
session to be ignored.

Released: Watcher v1.5.3 (Jul 31, 2011)

Mon, 01 Aug 2011 02:49:03 GMT

Updated Release: Watcher v1.5.2 (May 04, 2011)

chrisweber — Thu, 05 May 2011 05:35:30 GMT

Release, v1.5.2

Watcher.zip contains the two DLL's for manual installation of the plugin - drop them in your Fiddler2\Scripts user or program files folder.

WatcherSetup.exe is an installer built with NSIS that will copy the two DLL's into either your Fiddler2\Scripts user or program files folder.

WatcherTFS.zip contains the Team Foundation Server (TFS) component which Watcher uses to export results to TFS. Installation and further instructions are included in the ZIP file.

CHANGELOG

{"
+++ major new feature
+ minor new feature
* changed feature
% improved performance or quality
! fixed minor bug
!!! fixed major bug

v1.5.1 - 2011-02-21
+ New check for HTTP Strict-Transport-Security header on SSL sites
+ Added free-form text filter to Results display

v1.5.1 - 2011-02-21
% Moving checks to Majestic12 HtmlParser to overcome some bottlenecks.
% Deprecating some Utility.cs functions.
! Fixing various minor bugs.

v1.5.0 - 2010-11-17
+++ Added a button to process sessions offline. Now a user can load a .SAZ (session archive) file and process the data offline in Fiddler/Watcher.
% Fixed the ProgressDialog control to move incrementally.

v1.4.1 - 2010-11-09
* Exporting results now includes all results rather than just those selected.
* XML report now includes metadata about Watcher version and configuration.
% Check for 'Charset not UTF-8' improvements.

v1.4.0 - 2010-04-24
Attempts have been made at noise-reduction, see below.
Wiki has been updated with more check descriptions, all linked to from inside Watcher.
+++ Check descriptions all improved and updated with recommendations and external references.
+ New check for javascript document.domain lowering.
* IMPORTANT: All cookie checks now perform noise filtering by default, with no option to change.
* New installations now come with a few noisy checks disabled by default.
* New installations now come with some check configs enabled by default to reduce noise.
! Fixed bug in loosely scoped domain where it wasn't defaulting to origin when one's not specified.
! Fixed bug where check configurations weren't saving.
! Assorted bug fixes.

v1.3.0 - 2010-02-25
+++ .NET Framework 3.5 is now required.
+++ Optional plugin (separate download) to export results to Team Foundation Server (TFS).
+ New (BETA) check for ASP.NET VIEWSTATE tampering vulnerability. (thanks to Bryan Sullivan for suggestions)
+ New (BETA) check for JavaServer Faces ViewState tampering vulnerability. (thanks to David Byrne for ideas)
+ New check for Silverlight EnableHtmlAccess.
+ Export results to HTML report.
+ If no origin domain is specified, each response domain will be treated as the origin, enabling better cross-domain analysis.
+ Added compliance mappings for Microsoft SDL.
! Assorted bug fixes throughout check library.

v1.2.2 - 2009-07-24
+ User-Agent now sends version information during update check for tracking purposes.
+ Added Windows 7 support to installer.
! Fixed the configuration page so checking and unchecking immediately affect what checks are run on a request.
! Checks that maintain URL caches weren't clearing when the results list was cleared.
* Changed the 'Charset not UTF-8' check to ignore a missing meta tag charset when Content-Type header is defined (thanks Dave Wichers for reporting)
* Moved the check configuration to a tab of its own.
% Updates to the UI look and feel.
% Moved check configurations to their own page in UI.

v1.2.1 - 2009-07-12
!!! Fixed issue where response payloads greater than 200K caused the entire
session to be ignored.

Released: Watcher v1.5.2 (May 04, 2011)

Thu, 05 May 2011 05:35:30 GMT

Updated Release: Watcher v1.5.1 (Feb 21, 2011)

chrisweber — Tue, 22 Feb 2011 07:06:10 GMT

Release, v1.5.1

Watcher.zip contains the two DLL's for manual installation of the plugin - drop them in your Fiddler2\Scripts user or program files folder.

WatcherSetup.exe is an installer built with NSIS that will copy the two DLL's into either your Fiddler2\Scripts user or program files folder.

WatcherTFS.zip contains the Team Foundation Server (TFS) component which Watcher uses to export results to TFS. Installation and further instructions are included in the ZIP file.

CHANGELOG

{"
+++ major new feature
+ minor new feature
* changed feature
% improved performance or quality
! fixed minor bug
!!! fixed major bug

v1.5.1 - 2011-02-21
% Moving checks to Majestic12 HtmlParser to overcome some bottlenecks.
% Deprecating some Utility.cs functions.
! Fixing various minor bugs.

v1.5.0 - 2010-11-17
+++ Added a button to process sessions offline. Now a user can load a .SAZ (session archive) file and process the data offline in Fiddler/Watcher.
% Fixed the ProgressDialog control to move incrementally.

v1.4.1 - 2010-11-09
* Exporting results now includes all results rather than just those selected.
* XML report now includes metadata about Watcher version and configuration.
% Check for 'Charset not UTF-8' improvements.

v1.4.0 - 2010-04-24
Attempts have been made at noise-reduction, see below.
Wiki has been updated with more check descriptions, all linked to from inside Watcher.
+++ Check descriptions all improved and updated with recommendations and external references.
+ New check for javascript document.domain lowering.
* IMPORTANT: All cookie checks now perform noise filtering by default, with no option to change.
* New installations now come with a few noisy checks disabled by default.
* New installations now come with some check configs enabled by default to reduce noise.
! Fixed bug in loosely scoped domain where it wasn't defaulting to origin when one's not specified.
! Fixed bug where check configurations weren't saving.
! Assorted bug fixes.

v1.3.0 - 2010-02-25
+++ .NET Framework 3.5 is now required.
+++ Optional plugin (separate download) to export results to Team Foundation Server (TFS).
+ New (BETA) check for ASP.NET VIEWSTATE tampering vulnerability. (thanks to Bryan Sullivan for suggestions)
+ New (BETA) check for JavaServer Faces ViewState tampering vulnerability. (thanks to David Byrne for ideas)
+ New check for Silverlight EnableHtmlAccess.
+ Export results to HTML report.
+ If no origin domain is specified, each response domain will be treated as the origin, enabling better cross-domain analysis.
+ Added compliance mappings for Microsoft SDL.
! Assorted bug fixes throughout check library.

v1.2.2 - 2009-07-24
+ User-Agent now sends version information during update check for tracking purposes.
+ Added Windows 7 support to installer.
! Fixed the configuration page so checking and unchecking immediately affect what checks are run on a request.
! Checks that maintain URL caches weren't clearing when the results list was cleared.
* Changed the 'Charset not UTF-8' check to ignore a missing meta tag charset when Content-Type header is defined (thanks Dave Wichers for reporting)
* Moved the check configuration to a tab of its own.
% Updates to the UI look and feel.
% Moved check configurations to their own page in UI.

v1.2.1 - 2009-07-12
!!! Fixed issue where response payloads greater than 200K caused the entire
session to be ignored.

Released: Watcher v1.5.1 (Feb 21, 2011)

Tue, 22 Feb 2011 07:06:10 GMT

Updated Release: Watcher v1.5.1 (Feb 21, 2011)

chrisweber — Tue, 22 Feb 2011 07:04:22 GMT

Released: Watcher v1.5.1 (Feb 21, 2011)

Tue, 22 Feb 2011 07:04:22 GMT

Updated Release: Watcher v1.5.1 (Feb 21, 2011)

chrisweber — Tue, 22 Feb 2011 06:48:14 GMT

Updated Release: Watcher v1.5.0 (Nov 17, 2010)

chrisweber — Wed, 17 Nov 2010 23:37:48 GMT

Release, v1.5.0

Watcher.zip contains the two DLL's for manual installation of the plugin - drop them in your Fiddler2\Scripts user or program files folder.

WatcherSetup.exe is an installer built with NSIS that will copy the two DLL's into either your Fiddler2\Scripts user or program files folder.

WatcherTFS.zip contains the Team Foundation Server (TFS) component which Watcher uses to export results to TFS. Installation and further instructions are included in the ZIP file.

CHANGELOG

{"
+++ major new feature
+ minor new feature
* changed feature
% improved performance or quality
! fixed minor bug
!!! fixed major bug

v1.5.0 - 2010-11-17
+++ Added a button to process sessions offline. Now a user can load a .SAZ (session archive) file and process the data offline in Fiddler/Watcher.
% Fixed the ProgressDialog control to move incrementally.

v1.4.1 - 2010-11-09
* Exporting results now includes all results rather than just those selected.
* XML report now includes metadata about Watcher version and configuration.
% Check for 'Charset not UTF-8' improvements.

v1.4.0 - 2010-04-24
Attempts have been made at noise-reduction, see below.
Wiki has been updated with more check descriptions, all linked to from inside Watcher.
+++ Check descriptions all improved and updated with recommendations and external references.
+ New check for javascript document.domain lowering.
* IMPORTANT: All cookie checks now perform noise filtering by default, with no option to change.
* New installations now come with a few noisy checks disabled by default.
* New installations now come with some check configs enabled by default to reduce noise.
! Fixed bug in loosely scoped domain where it wasn't defaulting to origin when one's not specified.
! Fixed bug where check configurations weren't saving.
! Assorted bug fixes.

v1.3.0 - 2010-02-25
+++ .NET Framework 3.5 is now required.
+++ Optional plugin (separate download) to export results to Team Foundation Server (TFS).
+ New (BETA) check for ASP.NET VIEWSTATE tampering vulnerability. (thanks to Bryan Sullivan for suggestions)
+ New (BETA) check for JavaServer Faces ViewState tampering vulnerability. (thanks to David Byrne for ideas)
+ New check for Silverlight EnableHtmlAccess.
+ Export results to HTML report.
+ If no origin domain is specified, each response domain will be treated as the origin, enabling better cross-domain analysis.
+ Added compliance mappings for Microsoft SDL.
! Assorted bug fixes throughout check library.

v1.2.2 - 2009-07-24
+ User-Agent now sends version information during update check for tracking purposes.
+ Added Windows 7 support to installer.
! Fixed the configuration page so checking and unchecking immediately affect what checks are run on a request.
! Checks that maintain URL caches weren't clearing when the results list was cleared.
* Changed the 'Charset not UTF-8' check to ignore a missing meta tag charset when Content-Type header is defined (thanks Dave Wichers for reporting)
* Moved the check configuration to a tab of its own.
% Updates to the UI look and feel.
% Moved check configurations to their own page in UI.

v1.2.1 - 2009-07-12
!!! Fixed issue where response payloads greater than 200K caused the entire
session to be ignored.

Released: Watcher v1.5.0 (Nov 17, 2010)

Wed, 17 Nov 2010 23:37:48 GMT

Updated Release: Watcher v1.4.1 (Nov 09, 2010)

chrisweber — Tue, 09 Nov 2010 19:44:50 GMT

Release, v1.4.1

Watcher.zip contains the two DLL's for manual installation of the plugin - drop them in your Fiddler2\Scripts user or program files folder.

WatcherSetup.exe is an installer built with NSIS that will copy the two DLL's into either your Fiddler2\Scripts user or program files folder.

WatcherTFS.zip contains the Team Foundation Server (TFS) component which Watcher uses to export results to TFS. Installation and further instructions are included in the ZIP file.

CHANGELOG

{"
+++ major new feature
+ minor new feature
* changed feature
% improved performance or quality
! fixed minor bug
!!! fixed major bug

v1.4.1 - 2010-11-09
* Exporting results now includes all results rather than just those selected.
* XML report now includes metadata about Watcher version and configuration.
% Check for 'Charset not UTF-8' improvements.

v1.4.0 - 2010-04-24
Attempts have been made at noise-reduction, see below.
Wiki has been updated with more check descriptions, all linked to from inside Watcher.
+++ Check descriptions all improved and updated with recommendations and external references.
+ New check for javascript document.domain lowering.
* IMPORTANT: All cookie checks now perform noise filtering by default, with no option to change.
* New installations now come with a few noisy checks disabled by default.
* New installations now come with some check configs enabled by default to reduce noise.
! Fixed bug in loosely scoped domain where it wasn't defaulting to origin when one's not specified.
! Fixed bug where check configurations weren't saving.
! Assorted bug fixes.

v1.3.0 - 2010-02-25
+++ .NET Framework 3.5 is now required.
+++ Optional plugin (separate download) to export results to Team Foundation Server (TFS).
+ New (BETA) check for ASP.NET VIEWSTATE tampering vulnerability. (thanks to Bryan Sullivan for suggestions)
+ New (BETA) check for JavaServer Faces ViewState tampering vulnerability. (thanks to David Byrne for ideas)
+ New check for Silverlight EnableHtmlAccess.
+ Export results to HTML report.
+ If no origin domain is specified, each response domain will be treated as the origin, enabling better cross-domain analysis.
+ Added compliance mappings for Microsoft SDL.
! Assorted bug fixes throughout check library.

v1.2.2 - 2009-07-24
+ User-Agent now sends version information during update check for tracking purposes.
+ Added Windows 7 support to installer.
! Fixed the configuration page so checking and unchecking immediately affect what checks are run on a request.
! Checks that maintain URL caches weren't clearing when the results list was cleared.
* Changed the 'Charset not UTF-8' check to ignore a missing meta tag charset when Content-Type header is defined (thanks Dave Wichers for reporting)
* Moved the check configuration to a tab of its own.
% Updates to the UI look and feel.
% Moved check configurations to their own page in UI.

v1.2.1 - 2009-07-12
!!! Fixed issue where response payloads greater than 200K caused the entire
session to be ignored.

v1.2.0 - 2009-06-22
+++ Major refactoring.
+++ Including Majestic12 Html Parser (http://www.majestic12.co.uk/).
+++ Added MultiThreading to checks.
+ Added mappings to OWASP ASVS compliance levels.
+ Added checks for X-FRAME-OPTIONS HTTP header.
+ Added checks for IE's X-XSS-Protection HTTP header.
+ Added checks for X-CONTENT-TYPE-OPTIONS:nosniff HTTP header.
+ Added search filter for finding checks.
* Improved check for user controlled attributes to look at all HTML attributes.
* Changed severity for Javascript eval() from Informational to Medium.
! Fixed improper filtering of previously seen cookies.