'[OWASP-WEBSCARAB] RE: Configuring Webscarab for SSL'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       owasp-webscarab
Subject:    [OWASP-WEBSCARAB] RE: Configuring Webscarab for SSL
From:       "Anjaneya Sastry K" <sastry () lasersoft ! co ! in>
Date:       2006-01-24 14:14:59
Message-ID: PFENKEMHJKDPCGCMMAJAGEIICDAA.sastry () lasersoft ! co ! in
[Download RAW message or body]

Hai Mr.Rogan,

Thanks for your immediate reply. This is the message I am getting on
webscarab.

19:23:07 main(Proxy.createListeners): No proxies configured!?
19:23:09 Listener-127.0.0.1:8008(Listener.listen): Proxy listening on
127.0.0.1:8008
19:23:28 Listener-127.0.0.1:8008(Listener.run): Not listening on
127.0.0.1:8008
19:23:28 Listener-127.0.0.1:8008(Listener.listen): Proxy listening on
127.0.0.1:8008
19:25:59 Listener-127.0.0.1:8008-1(ConnectionHandler.initSSL): Initialised
SSL handler OK
19:26:14 Listener-127.0.0.1:8008-2(ConnectionHandler.run): IOException
retrieving the response
for https://localhost:443/InetBnkgWeb/Login.do : java.io.IOException:
Invalid response
line read from the server: "
-----------------------------------------------
If my server (oc4j)is expecting a client certificate, how to give it through
webscarab?

With Regards,
K.Anjaneya Sastry

-----Original Message-----
From: Rogan Dawes [mailto:rogan@dawes.za.net]
Sent: Tuesday, January 24, 2006 7:11 PM
To: Anjaneya Sastry K
Cc: owasp-webscarab@lists.sourceforge.net
Subject: Re: Configuring Webscarab for SSL


Anjaneya Sastry K wrote:
> Hai,
>
> I am able to use webscarab for http message interception. But how to
> configure ssl connection. I am using Oracle OC4J.
>
> I have downloaded openssl tool and generated PKCS#12 format ssl
certificate
> and loaded into webscarab. Even after that, when I am pointing my proxy to
> https(443) browser does not get the response.
>
> Could anyone HELP me?
>
> Advance Thanks,
>
> K.A.Sastry
>
>

Hi,

You only need to worry about SSL certificates in WebScarab if your
server requires a client-side cert for authentication. Otherwise,
WebScarab is able to intercept HTTPS connections without any additional
effort required, other than configuring your browser to use WebScarab as
a proxy.

e.g. in Internet Explorer, Tool->Internet Options->Connection->LAN Settings

Address should be localhost, port should be 8008. Bypass proxy server
for local addresses should NOT be selected.

Rogan



-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642
_______________________________________________
Owasp-webscarab mailing list
Owasp-webscarab@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/owasp-webscarab
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic