[prev in list] [next in list] [prev in thread] [next in thread]
List: owasp-webscarab
Subject: Re: [Owasp-webscarab] Question on Webscarab and PKCS#11 Devices?
From: Rogan Dawes <rogan () dawes ! za ! net>
Date: 2010-07-31 5:11:33
Message-ID: 4C53B085.5040302 () dawes ! za ! net
[Download RAW message or body]
On 2010/07/30 10:23 PM, Brad Showalter wrote:
> Rogan,
>
> Many thanks on your continued work in this space.
>
> I'm currently playing around with Webscarab to test interaction with a
> two factor enforced web site. I'm stuck in that I've got to have 2
> safenet tokens plugged in at the same time - one for personal network
> authn while the other holds my test credential for testing of the web
> site. Webscarab appears to only find the token I need for n/w auth and
> I'm unsure about how to find the second token. The parameters requested
> by webscarab (name, library, password) basically only allow for
> differentiation at the password level since the tokens I'm using are
> from the same vendor and use the same DLL - entry of the n/w token PIN
> loads the associated cert, but entry of the test token PIN results in a
> "Error loading Key Store: java.lang.ArrayIndexOutOfBoundsException: -1";
> I assume the password is being addressed against the n/w token and fails
> as the PINs are different.
>
> Curious on your thoughts?
>
> Have a great weekend.
>
> Cheers,
> Brad
Hi Brad,
Basically, WebScarab constructs a very simple configuration file, and
then reads it to initialise the PKCS#11 library. You can try checking
out this page, and experimenting with some of the options to see which
token you connect to:
<http://www.cs.sjsu.edu/CRC/documentation/jdk1.5.0/docs/guide/security/p11guide.html>
There is also a simple PKCS11 test program on my site that you can use
to test your changes:
http://dawes.za.net/rogan/PKCS11Test.java
Good luck, and please let me know the results, so I can make the
necessary changes in WebScarab.
Rogan
_______________________________________________
Owasp-webscarab mailing list
Owasp-webscarab@lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-webscarab
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic