CUTYCAPT

Welcome! This tutorial will cover the basics of using CutyCapt to gather screen captures of web sites. Let’s get started…

What is CutyCapt?
CutyCapt, written by Bjorn Hohrmann, is a command line utility to capture Webkit’s rendering of a web page, and save that rendering as either SVG, PDF, PS, PNG, JPEG, TIFF, GIF, or BMP files.

It’s basically a program that lets you take screenshots of a site, and save it as one of the file types listed above. On the surface, it seems like a simple tool, but there are actually quite a few options you can set when using it.

Why use CutyCapt?
There may be times when you want to see what a page looks like without having to wait on everything to load in a browser. CutyCapt gives you the ability to do this from the command-line, and does a pretty good job at rendering the page. There are other tools that perform a similar function, but their rendering of a page doesn’t always come out very well. CutyCapt seems to excel in this function.

So, before we dive into the program, I just wanted to briefly cover what Webkit is, in case you’re new to all this crazy talk. Webkit is a browser rendering engine, which means when you request a page in a browser, the rendering engine takes all the HTML, CSS, Javascript, and anything else that loads with the page, and displays it to your screen. Webkit is just one of many engines that are in use, and each browser has a specific engine that is uses.

For example, Webkit is used by the Safari browser, while Google Chrome uses one called Blink, Firefox uses Gecko, and Internet Explorer uses Trident. If you want to learn more about these, I’m going to include some links at the end of this article, so check those out when you get a chance.

Now that we’ve covered the basics of what a rendering engine is, let’s take a look at the options available for CutyCapt.

CutyCapt Options

cc-help1

As you can see, there are quite a few options available, and they can basically be broken down into two categories – ones that affect basic program functionality, and ones that affect how a page is returned and rendered.

In order to fully understand what most of these options do, you need to have at least a basic understanding of how HTTP requests work, and how each portion of the code affects how a page is displayed, i.e., how Javascript affects the page, etc.

Basic Screen Capture
Let’s start with a basic screen capture. The command syntax will be:

cutycapt –url=targeturl –out=filename to save as

cc-basic1

We can use the “display” command to open the picture, and see what CutyCapt got for us.

cc-aa-basic1

Everything looks normal on this page, and looks like it rendered correctly.

Change User-Agent
CutyCapt gives you the ability to change the User-Agent that’s sent in the HTTP request. As you probably know, some sites have different versions of pages for users viewing the page on a PC versus some type of mobile device. We’ll set the User-Agent to make it appear as though we’re requesting the site from a Samsung Galaxy S5 phone. Let’s see what that looks like.

cc-useragent1

And the image…

cc-useragent2

Looks different from the original page, huh? This can be a good thing for pen-testers. If you’re doing a web app pen-test, you may find that mobile versions of sites have security weaknesses that the regular site doesn’t have. It’s always a good idea to see if these different pages exist.

On a side note, you can do this same type of test from your browser. Using Firefox, install the User-Agent Switcher add-on, which lets you change the User-Agent string sent with the HTTP request.

Disable JavaScript
Now let’s see what the page looks like if we disable Javascript. The syntax will be:

cc-javascriptoff1

And the image…

cc-javascriptoff2

You can see what happens to the looks, and functionality of a site when JavaScript is disabled. This is another good thing to do when you’re performing a web app test. See what happens when you disable JavaScript. It could lead to a vulnerability.

So, that’s the quick and dirty of how CutyCapt works. You can also do other things like change the HTTP method used, change the header data, and disable plugins for a page. Play around with it, and pay careful attention to how a page is rendered when you “break” some of the built-in functionality.

Further Reading
Check out these links to learn more about the magic of HTTP requests:

CutyCapt Project Page
http://cutycapt.sourceforge.net/

List of Layout Engines:
https://en.wikipedia.org/wiki/List_of_layout_engines

Comparison of Web Browsers
https://en.wikipedia.org/wiki/Comparison_of_web_browser_engines

User-Agent Info
https://en.wikipedia.org/wiki/User_agent

HTTP Request Info
http://www.w3.org/Protocols/rfc2616/rfc2616-sec5.html

HTTP Request Header Info
http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html

Thanks for reading!

-Jason