Watcher v1.5.8

Rating:        Based on 5 ratings
Reviewed:  1 review
Downloads: 88422
Change Set: 63cd1a6cb973b03
Released: Jun 25, 2013
Updated: Jun 25, 2013 by chrisweber
Dev status: Stable

Recommended Download

Application WatcherSetup.exe
application, 173K, uploaded Jun 25, 2013 - 79866 downloads

Other Available Downloads

application, 111K, uploaded Jun 25, 2013 - 7507 downloads
application, 20K, uploaded Feb 25, 2010 - 1049 downloads

Release Notes

contains the two DLLs for manual installation of the plugin - drop them in your Fiddler2\Scripts user or program files folder.
WatcherSetup.exe is an installer built with NSIS that will copy the two DLLs into either your Fiddler2\Scripts user or program files folder. contains the Team Foundation Server (TFS) component which Watcher uses to export results to TFS. Installation and further instructions are included in the ZIP file.

Program: Watcher Passive Web Security Tool for Fiddler
Version: 1.5.8
Release: 25-June-2013
License: Custom Open Source
Authors: Chris Weber
Testers: Chris Weber
Copyright (c) 2010 - 2013 Casaba Security, LLC. All Rights Reserved.

+++ major new feature
+ minor new feature
* changed feature
% improved performance or quality
! fixed minor bug
!!! fixed major bug

v1.5.8 2013-06-25
! Fixed bug in SSL certificate validation

v1.5.7 2013-03-28
!!! Bug fix in check for custom-defined regex patterns

v1.5.6 2013-01-08
+ New check allows for custom-defined regex patterns
% Minor bugfixes

v1.5.4 2011-10-01
+ New check for internal IP address disclosure
% Watcher now defaults to automatically checking for updates at start

v1.5.3 2011-07-31
! Bug fixes
% X-Frame-Options check now checks every page once per unique path, ignoring the query string.

v1.5.2 2011-05-21
+ New check for HTTP Strict-Transport-Security header on SSL sites
+ Added free-form text filter to Results display

v1.5.1 - 2011-02-21
% Moving checks to Majestic12 HtmlParser to overcome some bottlenecks.
% Deprecating some Utility.cs functions.
! Fixing various minor bugs.

v1.5.0 - 2010-11-17
+++ Added a button to process sessions offline. Now a user can load a .SAZ (session archive) file and process the data offline in Fiddler/Watcher.
% Fixed the ProgressDialog control to move incrementally.

v1.4.1 - 2010-11-09
* Exporting results now includes all results rather than just those selected.
* XML report now includes metadata about Watcher version and configuration.
% Check for 'Charset not UTF-8' improvements.

v1.4.0 - 2010-04-24
Attempts have been made at noise-reduction, see below.
Wiki has been updated with more check descriptions, all linked to from inside Watcher.
+++ Check descriptions all improved and updated with recommendations and external references.
+ New check for javascript document.domain lowering.
* IMPORTANT: All cookie checks now perform noise filtering by default, with no option to change.
* New installations now come with a few noisy checks disabled by default.
* New installations now come with some check configs enabled by default to reduce noise.
! Fixed bug in loosely scoped domain handling where it wasn't defaulting to the origin when none was specified.
! Fixed bug where check configurations weren't saving.
! Assorted bug fixes.

v1.3.0 - 2010-02-25
+++ .NET Framework 3.5 is now required.
+++ Optional plugin (separate download) to export results to Team Foundation Server (TFS).
+ New (BETA) check for ASP.NET VIEWSTATE tampering vulnerability. (thanks to Bryan Sullivan for suggestions)
+ New (BETA) check for JavaServer Faces ViewState tampering vulnerability. (thanks to David Byrne for ideas)
+ New check for Silverlight EnableHtmlAccess.
+ Export results to HTML report.
+ If no origin domain is specified, each response domain will be treated as the origin, enabling better cross-domain analysis.
+ Added compliance mappings for Microsoft SDL.
! Assorted bug fixes throughout check library.

v1.2.2 - 2009-07-24
+ User-Agent now sends version information during update check for tracking purposes.
+ Added Windows 7 support to installer.
! Fixed the configuration page so checking and unchecking immediately affect what checks are run on a request.
! Checks that maintain URL caches weren't clearing when the results list was cleared.
* Changed the 'Charset not UTF-

Reviews for this release

Watcher is an excellent passive web application security evaluation tool; I highly recommend it.
by adriendb on Apr 19, 2010 at 1:40 PM