Sandcat: a powerful but free security and developer-oriented browser

November 22, 2012 – 10:04 by in Tips Print Share No Comment

If you’d like more information on the low-level details of how a particular web page works – for security or web development reasons, say – then the usual route is find and install a few extensions. Firefox alone has more than 1,000 addons in its Web Development section which could prove very useful.

But if researching all of those seems too much like hard work, you might prefer to simply download the free Sandcat 3.0, a penetration-oriented browser with plenty of advanced functionality already built it.

Despite its specialist nature, Sandcast is supremely easy to use. It’s portable, and based on Chromium, so you’ll be up and running in seconds: unzip and launch the browser, enter a URL and you’re off.

Sandcat is a custom Chromium build with some powerful extensions built in

When you need to know more about your current page, though, clicking the tabs at the bottom of the program window can help. You’re able to view the page source code, for instance, and your HTTP headers (sent and received). There’s also a list of page objects, and clicking any of these displays them in a preview pane, allowing you to (for instance) view whatever scripts might be included.

This is just the start, though. The browser also includes extensions to display HTTP headers as they’re sent and received in real time. You can view cookies associated with the current page, or change the Sandcat user agent to identify you as Chrome, Firefox, IE, Safari, Opera or anything else you like.

Tor integration should in theory allow you to browse anonymously in a couple of clicks. (This didn’t work for us – Sandcat crashed, instead – but version 3.0 is currently a beta, so maybe you’ll be luckier.)

And elsewhere you get a stack of developer tools, which give you an in-depth view of every page component and detailed reports on how they affect performance.

And of course there are all the features more oriented to penetration testing, which is why Sandcat exists in the first place. So you can load and run custom scripts, for instance, there’s a request editor, a fuzzer extension, CGI scanner scripts, encoding and decoding tools, and more.

None of this functionality gets in the way, though. So if you’ll use everything Sandcat has to offer, great; but if you only want easier access to one or two of its advanced features, don’t worry – you’ll be able to do so, it’s all very easy to use: there’s something here for every level of user.

Tags: ,

Comments are closed.