Can Arachni proxy handle https protocol?
I'm trying to scan some sites - familysecure.com for example - and when the site goes HTTPS, there is something it doesn't like about the Arachni proxy. When doing it with BURP or even WebInspect, the site is good. But through Arachni, it barfs.
What can I do to troubleshoot this situation?
Support Staff 1 Posted by Tasos Laskos on 17 Aug, 2015 08:34 PM
Hello,
Which version are you using?
Cheers
2 Posted by marktma on 17 Aug, 2015 08:36 PM
nightly build 2.0 dev 1.0 64 bit dated 7/21
Support Staff 3 Posted by Tasos Laskos on 17 Aug, 2015 08:53 PM
Can you try with the latest stable release or even the latest nightly?
It seems to be working fine against the site you mentioned.
What was the issue you were seeing btw? Some browser warning or something?
If so, you may have to install the root Arachni CA in your browser; its location will be printed in the console when running the proxy.
4 Posted by marktma on 17 Aug, 2015 08:55 PM
I think you hit the issue on the head. Can I just browse to the site without the proxy settings to install the root CA? Or is there some other procedure?
Working on installing the latest nightly currently.
The issue presents as the inability to complete logon, where the other applications (BURP, WebInspect) are able.
Support Staff 5 Posted by Tasos Laskos on 17 Aug, 2015 08:59 PM
The procedure depends on the browser, a simple google search should give you the instructions. It'll be somewhere in their security settings.
6 Posted by marktma on 17 Aug, 2015 09:09 PM
I see what you are describing! Import it from ../system/gems/bundler/...
Thank you!
7 Posted by marktma on 17 Aug, 2015 10:35 PM
So.. I created a .p12 from the .pem files in the Arachni directory and imported them into Mozilla. The cert is there, but when I run in proxy mode, I still get to login and it bombs out at the second login screen (additional security info step).
Support Staff 8 Posted by Tasos Laskos on 17 Aug, 2015 10:38 PM
I'm not sure what you mean, could you send me step by step instructions in order to reproduce the issue?
You can do so via e-mail if you prefer.
9 Posted by marktma on 17 Aug, 2015 10:49 PM
There's nothing unusual to see, so regular email should work fine. Which email address should I use?
Support Staff 10 Posted by Tasos Laskos on 17 Aug, 2015 10:50 PM
[email blocked]
11 Posted by marktma on 17 Aug, 2015 11:33 PM
Info forwarded.
Support Staff 12 Posted by Tasos Laskos on 18 Aug, 2015 02:12 AM
Turns out it was a cookie encoding issue, I'm now testing the fix.
I'll let you know once I have some nightlies for you to test.
Cheers
13 Posted by marktma on 18 Aug, 2015 02:46 AM
You are simply awesome! Thank you!!
Support Staff 14 Posted by Tasos Laskos on 18 Aug, 2015 07:44 AM
Should be good to go now, give them a try.
15 Posted by marktma on 18 Aug, 2015 04:54 PM
Downloaded the latest.. and wanted to give a great news update!
Unfortunately, it looks like after I log in successfully, I close down the proxy so that the scan can proceed, but it just sits there.
The last comment is:
[*] Proxy: Shutting down...
And that's it. It's not moving into scan mode..
(Sorry)
Support Staff 16 Posted by Tasos Laskos on 18 Aug, 2015 11:20 PM
Hm, that's a new one, at least we're making progress.
Looking into it.
Support Staff 17 Posted by Tasos Laskos on 18 Aug, 2015 11:33 PM
Ok, that was completely my bad, pushing a nightly with the fix now.
18 Posted by marktma on 18 Aug, 2015 11:41 PM
I'll try it again when the nightly is pushed! Thank you so much!
Support Staff 19 Posted by Tasos Laskos on 19 Aug, 2015 01:49 AM
Done, try them out.
20 Posted by marktma on 20 Aug, 2015 05:31 PM
Was offsite yesterday, but just ran it and !!! success! :D Thank you! Well done. Much appreciated.
marktma closed this discussion on 20 Aug, 2015 05:32 PM.