Welcome! This tutorial will cover the basics of using CutyCapt to gather screen captures of web sites. Let’s get started…
What is CutyCapt?
CutyCapt, written by Björn Höhrmann, is a command-line utility that captures WebKit’s rendering of a web page and saves that rendering as an SVG, PDF, PS, PNG, JPEG, TIFF, GIF, or BMP file.
It’s basically a program that lets you take screenshots of a site and save them as one of the file types listed above. On the surface, it seems like a simple tool, but there are actually quite a few options you can set when using it.
Why use CutyCapt?
There may be times when you want to see what a page looks like without having to wait on everything to load in a browser. CutyCapt gives you the ability to do this from the command line, and does a pretty good job at rendering the page. There are other tools that perform a similar function, but their rendering of a page doesn’t always come out very well. CutyCapt seems to excel in this function.
For example, WebKit is used by the Safari browser, while Google Chrome uses one called Blink, Firefox uses Gecko, and Internet Explorer uses Trident. If you want to learn more about these, I’m going to include some links at the end of this article, so check those out when you get a chance.
Now that we’ve covered the basics of what a rendering engine is, let’s take a look at the options available for CutyCapt.
As you can see, there are quite a few options available, and they can basically be broken down into two categories – ones that affect basic program functionality, and ones that affect how a page is returned and rendered.
Basic Screen Capture
Let’s start with a basic screen capture. The command syntax will be:
cutycapt --url=<target URL> --out=<filename to save as>
We can use the “display” command to open the picture, and see what CutyCapt got for us.
Everything looks normal on this page, and looks like it rendered correctly.
CutyCapt gives you the ability to change the User-Agent that’s sent in the HTTP request. As you probably know, some sites have different versions of pages for users viewing the page on a PC versus some type of mobile device. We’ll set the User-Agent to make it appear as though we’re requesting the site from a Samsung Galaxy S5 phone. Let’s see what that looks like.
And the image…
Looks different from the original page, huh? This can be a good thing for pen-testers. If you’re doing a web app pen-test, you may find that mobile versions of sites have security weaknesses that the regular site doesn’t have. It’s always a good idea to see if these different pages exist.
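The desktop-versus-mobile comparison above can be repeated over a whole list of in-scope URLs. The script below is an added example, not part of the original tutorial or the CutyCapt project; its function names, the CUTYCAPT override variable and both User-Agent strings are assumptions made for illustration, and it assumes cutycapt exits non-zero when a capture fails.

```sh
#!/bin/sh
# Added example, not from the original tutorial. Captures every URL in a list
# twice (desktop and mobile User-Agent) and reports whether the renderings differ.
# Both User-Agent strings are constructed sample values; substitute real ones.
UA_DESKTOP='Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Safari/537.36'
UA_MOBILE='Mozilla/5.0 (Linux; Android 5.0; SM-G900F) AppleWebKit/537.36 (KHTML, like Gecko) Mobile Safari/537.36'

# Build a file-name stem from a URL: drop the scheme, then replace every
# character outside [A-Za-z0-9._-] so the result cannot contain a path separator.
url_to_stem() {
    printf '%s' "$1" | sed -e 's|^[a-zA-Z][a-zA-Z0-9+.-]*://||' -e 's|[^A-Za-z0-9._-]|_|g'
}

# capture <url> <user-agent> <outfile>
# CUTYCAPT may name an alternative binary (hypothetical override for this example).
capture() {
    "${CUTYCAPT:-cutycapt}" --url="$1" --user-agent="$2" --out="$3" --max-wait=30000 </dev/null
}

# compare_variants <url> <outdir>  ->  prints "same|different|failed <url>"
# A byte-for-byte difference only means "look at both images": ads, timestamps
# and other dynamic content also change the bytes.
compare_variants() {
    stem=$(url_to_stem "$1")
    desktop="$2/${stem}_desktop.png"
    mobile="$2/${stem}_mobile.png"
    if ! capture "$1" "$UA_DESKTOP" "$desktop" || ! capture "$1" "$UA_MOBILE" "$mobile"; then
        echo "failed $1"
        return 1
    fi
    if cmp -s "$desktop" "$mobile"; then echo "same $1"; else echo "different $1"; fi
}

# main <url-list-file> <outdir>: one URL per line, blank lines and #comments skipped.
main() {
    mkdir -p "$2" || return 1
    while IFS= read -r url; do
        case $url in ''|'#'*) continue ;; esac
        compare_variants "$url" "$2" || true
    done < "$1"
}

if [ "$#" -eq 2 ]; then main "$@"; fi
```

Run it with a URL list file and an output directory as its two arguments; URLs reported as "different" are the ones worth opening with "display" to check for a separate mobile version.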
On a side note, you can do this same type of test from your browser. Using Firefox, install the User-Agent Switcher add-on, which lets you change the User-Agent string sent with the HTTP request.
And the image…
So, that’s the quick and dirty of how CutyCapt works. You can also do other things like change the HTTP method used, change the header data, and disable plugins for a page. Play around with it, and pay careful attention to how a page is rendered when you “break” some of the built-in functionality.
Check out these links to learn more about the magic of HTTP requests:
CutyCapt Project Page
List of Layout Engines
Comparison of Web Browsers
HTTP Request Info
HTTP Request Header Info
Thanks for reading!