digest http authentication not working with https
Hi,
Using latest release 1.5.1-0.5.12, I noticed that http authentication with digest type via https return 400 (Bad Request) . When disabling https on server side then digest authentication is successful.
arachni --http-authentication-type digest --http-authentication-username "username" --http-authentication-password "password" "https://192.168.13.17:8844/"
Note that the https server runs on port 8844
Regards
Thierry
Comments are currently closed for this discussion. You can start a new one.
Keyboard shortcuts
Generic
? | Show this help |
---|---|
ESC | Blurs the current field |
Comment Form
r | Focus the comment reply box |
---|---|
^ + ↩ | Submit the comment |
You can use Command ⌘
instead of Control ^
on Mac
Support Staff 1 Posted by Tasos Laskos on 14 Apr, 2017 11:11 AM
This is handled by
libcurl
so I don't know what's going on.Any chance I can be given access to that web application to try and dig a little deeper?
2 Posted by Thierry Beauqui... on 14 Apr, 2017 02:53 PM
Hi,
Ok then I know what I am missing. I tried with curl and found that to get it working with https I have to provide key/cert as the server is asking for mutual authentication.
I noticed that arachni provides support for cert/key so I will give it a try
Regards
Thierry
3 Posted by Thierry Beauqui... on 14 Apr, 2017 03:15 PM
Hi,
It is working now after providing cert/key location. You can close the ticket
Thanks
Thierry
Support Staff 4 Posted by Tasos Laskos on 14 Apr, 2017 03:32 PM
Glad to hear that.
Tasos Laskos closed this discussion on 14 Apr, 2017 03:32 PM.