digest http authentication not working with https

Thierry Beauquier's Avatar

Thierry Beauquier

13 Apr, 2017 04:48 PM

Hi,

Using latest release 1.5.1-0.5.12, I noticed that http authentication with digest type via https return 400 (Bad Request) . When disabling https on server side then digest authentication is successful.

arachni --http-authentication-type digest --http-authentication-username "username" --http-authentication-password "password" "https://192.168.13.17:8844/"

Note that the https server runs on port 8844

Regards
Thierry

  1. Support Staff 1 Posted by Tasos Laskos on 14 Apr, 2017 11:11 AM

    Tasos Laskos's Avatar

    This is handled by libcurl so I don't know what's going on.
    Any chance I can be given access to that web application to try and dig a little deeper?

  2. 2 Posted by Thierry Beauqui... on 14 Apr, 2017 02:53 PM

    Thierry Beauquier's Avatar

    Hi,

    Ok then I know what I am missing. I tried with curl and found that to get it working with https I have to provide key/cert as the server is asking for mutual authentication.

    I noticed that arachni provides support for cert/key so I will give it a try

    Regards
    Thierry

  3. 3 Posted by Thierry Beauqui... on 14 Apr, 2017 03:15 PM

    Thierry Beauquier's Avatar

    Hi,

    It is working now after providing cert/key location. You can close the ticket

    Thanks
    Thierry

  4. Support Staff 4 Posted by Tasos Laskos on 14 Apr, 2017 03:32 PM

    Tasos Laskos's Avatar

    Glad to hear that.

  5. Tasos Laskos closed this discussion on 14 Apr, 2017 03:32 PM.

Comments are currently closed for this discussion. You can start a new one.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac