Arachni: Discussion, updated 2016-06-06T07:14:17Z
scan over p12 cert only website

2016-06-03T14:57:59Z
<div><p>Hello,</p>
<p>Can you try specifying the certs and keys individually with each
option with files that only include them rather than combine
them?</p>
<p>Also, what error are you seeing with your current
configuration?<br>
You can try using <code>--output-debug=5</code> to get more
information about what's going on.</p>
<p>On a different note, the <code>--audit-include-vector</code>
option requires an argument and is used to whitelist input vectors
by name, i.e. only input vectors whose names match the given
pattern will be checked.</p>
<p>Cheers</p></div>
Tasos Laskos

2016-06-03T15:40:11Z
<div><p>Hi Tasos,</p>
<p>I tried to split the cert<br>
and modify the URL in this way:</p>
<pre><code>arachni https://website.com/ \
  --authorized-by author@me.com \
  --http-ssl-certificate /home/fnigi/vfwfsdata/publiccert.pem \
  --http-ssl-certificate-type pem \
  --http-ssl-key /home/fnigi/vfwfsdata/privatekey.pem \
  --http-ssl-key-type pem \
  http-ssl-key-password PASSWORD \
  --checks=* --scope-auto-redundant \
  --audit-forms --audit-cookies-extensively --audit-headers \
  --audit-json --audit-ui-forms --audit-with-extra-parameter \
  --audit-links --report-save-path /home/fnigi/ --output-verbose \
  --output-debug=5</code></pre>
<p>I used this: <code>openssl pkcs12 -in myP12File.p12 -nocerts -out
privateKey.pem</code><br>
and <code>openssl pkcs12 -in myP12File.p12 -clcerts -nokeys -out
publicCert.pem</code></p>
<p>to generate the key (the key works properly in the browser).</p>
<p>The log with debug=5:</p>
<p>It's going OK till the headers check but it fails here:</p>
<pre>[!!!!] [http/client#global_on_complete:586] Client: Performer: #
[!!!!] [http/client#global_on_complete:587] Client: Status: 0
[!!!!] [http/client#global_on_complete:588] Client: Code: ssl_connect_error
[!!!!] [http/client#global_on_complete:589] Client: Message: SSL connect error
[!!!!] [http/client#global_on_complete:590] Client: URL: https://THESITE.COM/
[!!!!] [http/client#global_on_complete:591] Client: Headers:

[!!!!] [http/client#global_on_complete:592] Client: Parsed headers: {}
[!!!!] [http/client#global_on_complete:600] Client: ------------
[-] Retrying for: https://THESITE.COM/ [SSL connect error]
[!!!!] [http/client#global_on_complete:584] Client: ------------
[!!!!] [http/client#global_on_complete:585] Client: Got response for request ID#: 9

[!!!!] [http/client#global_on_complete:586] Client: Performer: #</pre></div>
fabio nigi

2016-06-03T15:42:59Z
<div><p><code>http-ssl-key-password</code> needs to be
<code>--http-ssl-key-password</code>.</p></div>
Tasos Laskos

2016-06-03T15:56:03Z
<div><p>Sorry Tasos, a simple typo; it's still failing.</p>
<pre>[!!!!] [http/client#global_on_complete:592] Client: Parsed headers: {}
[!!!!] [http/client#global_on_complete:600] Client: ------------
[-] [framework/parts/data#pop_page_from_url_queue:147] Giving up trying to audit: https://WEBSITE.COM/
[-] [framework/parts/data#pop_page_from_url_queue:148] Couldn't get a response after 5 tries: SSL connect error.
[!!!!] [http/client#global_on_complete:584] Client: ------------
[!!!!] [http/client#global_on_complete:585] Client: Got response for request ID#: 11

[!!!!] [http/client#global_on_complete:586] Client: Performer: #
[!!!!] [http/client#global_on_complete:587] Client: Status: 0
[!!!!] [http/client#global_on_complete:588] Client: Code: ssl_connect_error
[!!!!] [http/client#global_on_complete:589] Client: Message: SSL connect error
[!!!!] [http/client#global_on_complete:590] Client: URL: https://WEBSITE.COM/
[!!!!] [http/client#global_on_complete:591] Client: Headers:

[!!!!] [http/client#global_on_complete:592] Client: Parsed headers: {}
[!!!!] [http/client#global_on_complete:600] Client: ------------
[!!] [http/proxy_server#shutdown:68] ProxyServer: Shutting down..
[!!!] [http/proxy_server/connection#on_close:178] Connection: Closed because: [NilClass]
[!!] [http/proxy_server#shutdown:73] ProxyServer: Shutdown.
[!!] [http/proxy_server#shutdown:68] ProxyServer: Shutting down..
[!!!] [http/proxy_server/connection#on_close:178] Connection: Closed because: [NilClass]
[!!] [http/proxy_server#shutdown:73] ProxyServer: Shutdown.
[!!] [http/proxy_server#shutdown:68] ProxyServer: Shutting down..
[!!!] [http/proxy_server/connection#on_close:178] Connection: Closed because: [NilClass]
[!!] [http/proxy_server#shutdown:73] ProxyServer: Shutdown.
[!!] [http/proxy_server#shutdown:68] ProxyServer: Shutting down..
[!!!] [http/proxy_server/connection#on_close:178] Connection: Closed because: [NilClass]
[!!] [http/proxy_server#shutdown:73] ProxyServer: Shutdown.
[!!] [http/proxy_server#shutdown:68] ProxyServer: Shutting down..
[!!!] [http/proxy_server/connection#on_close:178] Connection: Closed because: [NilClass]
[!!] [http/proxy_server#shutdown:73] ProxyServer: Shutdown.
[!!] [http/proxy_server#shutdown:68] ProxyServer: Shutting down..
[!!!] [http/proxy_server/connection#on_close:178] Connection: Closed because: [NilClass]
[!!] [http/proxy_server#shutdown:73] ProxyServer: Shutdown.
[!] [plugin/manager#block:161]
[!] [plugin/manager#block:162] Waiting on 4 plugins to finish:
[!] [plugin/manager#block:163] healthmap, timing_attacks, discovery, uniformity
[!] [plugin/manager#block:164]</pre></div>
fabio nigi

2016-06-04T12:09:31Z
<div><p>Can you try connecting to the site via <code>curl</code> with
the same certs and keys that you used for Arachni?</p></div>
Tasos Laskos

2016-06-05T06:38:29Z
<div><p>Hi Tasos,<br>
Thanks for the tip! I checked with curl and I was missing the CA. I
added <code>--http-ssl-ca ./ca.pem</code> to the command and now it is
scanning properly!</p>
<p>Thanks<br>
Fabio</p></div>
fabio nigi

2016-06-05T06:41:25Z
<div><p>Glad you got it working. :)</p></div>
Tasos Laskos
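
The pre-flight this thread converges on, as an added example that is not part of the original discussion: split the PKCS#12 bundle into separate PEM files, confirm the key matches the certificate and the certificate chains to the CA file, then try the handshake with curl before giving the same files to Arachni. Assumptions: the function names are hypothetical, the passphrase is in a `P12_PASS` environment variable, and the bundle carries the CA that also issued the server certificate (otherwise `ca.pem` has to be obtained separately).

```sh
# Added example, not from the thread. Assumes P12_PASS holds the bundle
# passphrase; output file names mirror the ones used in the discussion.

# split_p12 BUNDLE OUTDIR: write leaf cert, key and CA chain as separate PEMs.
split_p12() {
  mkdir -p "$2" && chmod 700 "$2" || return 1
  # Leaf certificate only (the file given to --http-ssl-certificate).
  openssl pkcs12 -in "$1" -passin env:P12_PASS -clcerts -nokeys \
    -out "$2/publiccert.pem" || return 1
  # CA certificates only (candidate file for --http-ssl-ca).
  openssl pkcs12 -in "$1" -passin env:P12_PASS -cacerts -nokeys \
    -out "$2/ca.pem" || return 1
  # Private key, kept encrypted with the same passphrase (--http-ssl-key).
  openssl pkcs12 -in "$1" -passin env:P12_PASS -nocerts \
    -passout env:P12_PASS -out "$2/privatekey.pem" || return 1
  chmod 600 "$2/privatekey.pem"
}

# check_material DIR: 0 if usable, 2 no CA, 3 key mismatch, 4 broken chain.
check_material() {
  grep -q 'BEGIN CERTIFICATE' "$1/ca.pem" || {
    echo "ca.pem is empty: the bundle has no CA chain" >&2
    return 2
  }
  # Compare the public key embedded in the cert with the one derived from the key.
  cert_pub=$(openssl x509 -in "$1/publiccert.pem" -noout -pubkey) || return 1
  key_pub=$(openssl pkey -in "$1/privatekey.pem" -passin env:P12_PASS -pubout) || return 1
  [ "$cert_pub" = "$key_pub" ] || {
    echo "private key does not match certificate" >&2
    return 3
  }
  openssl verify -CAfile "$1/ca.pem" "$1/publiccert.pem" >/dev/null || {
    echo "certificate does not chain to ca.pem" >&2
    return 4
  }
}

# probe_with_curl URL DIR: the handshake test suggested in the thread.
probe_with_curl() {
  curl --silent --show-error --output /dev/null \
    --cert "$2/publiccert.pem" --key "$2/privatekey.pem" \
    --pass "$P12_PASS" --cacert "$2/ca.pem" "$1"
}
```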