unable to get --http-proxy working
Hello,
I want scanner traffic to pass through ZAP proxy. So, I used --http-proxy option but it didn't work. However, I can successfully connect to ZAP proxy from my firefox browser. I am using "Arachni 2.0dev (ruby 2.2.3p173) [x86_64-linux]" on RHEL 7.
I tried following combinations without any success:
--http-proxy="http://10.13.35.151:8080"
--http-proxy='http://10.13.35.151:8080'
--http-proxy= http://10.13.35.151:8080
--http-proxy http://10.13.35.151:8080
--http-proxy="10.13.35.151:8080"
--http-proxy='10.13.35.151:8080'
--http-proxy= 10.13.35.151:8080
--http-proxy 10.13.35.151:8080
Am I doing something wrong here?
Support Staff 1 Posted by Tasos Laskos on 23 Dec, 2016 02:05 PM
--http-proxy=10.13.35.151:8080 should have worked but I'm not aware of any issues with that option. Have you tried setting the --http-proxy-type to the right type? Automatic detection can fail sometimes.
2 Posted by Piyush on 23 Dec, 2016 02:10 PM
Yes, I tried that as well. Unfortunately, it didn't help either.
Support Staff 3 Posted by Tasos Laskos on 23 Dec, 2016 02:21 PM
I'm not sure what's going on but I can confirm that the option works properly, I just verified it using an intercepting HTTP proxy.
4 Posted by Piyush on 23 Dec, 2016 03:27 PM
I just ran a scan straight away on the target without any vector feed or other customization, and I am getting a timeout error for all 6 browsers spawned. Is there any possibility of a timeout due to an HTTPS certificate issue? I didn't receive any request in my proxy tool.
command used
./arachni https://example.com/test/ --http-proxy=10.13.35.151:8080
Support Staff 5 Posted by Tasos Laskos on 24 Dec, 2016 07:13 AM
It's probably because the browser processes took a long time to spawn, the nightlies allow a larger timeout that should resolve the issue.
6 Posted by Piyush on 27 Dec, 2016 12:52 PM
I believe browser processes are spawned correctly but due to proxy switch there is some communication issue between scanner and proxy. Hence, timeout occurred.
command used
./arachni https://example.com/test/ --http-proxy=10.13.35.151:8080 --http-proxy-type=http
Just to reconfirm on --http-proxy switch. This means arachni ---> proxy ----> target
Support Staff 7 Posted by Tasos Laskos on 27 Dec, 2016 12:56 PM
That's not the browsers, that's the system in general. Something's wrong with the proxy, there's no com between arachni and the target.
8 Posted by Piyush on 27 Dec, 2016 01:33 PM
Any way to debug? I tried both Burp & ZAP proxy and the result is the same: timeout. I tried running the proxy on different systems too, without any success. Additionally, in both cases traffic from the browser went well to the proxy.
Is there any requirement of running scanner with admin privileges?
Support Staff 9 Posted by Tasos Laskos on 27 Dec, 2016 03:28 PM
No, it's not a privilege issue and there's not much to debug, there's no response at all from either the proxy or the target.
I'm not sure how I can help you since I'm pretty certain that proxy support works in Arachni as I was able to run a proxied scan.
10 Posted by Piyush on 28 Dec, 2016 07:40 AM
I found that there was a network issue with that host. Tried on a different host and it is working good. I can run a proxied scan now. Thanks!
Tasos Laskos closed this discussion on 28 Dec, 2016 08:13 AM.
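Added example, not part of the thread and not Arachni code: the discussion ended with a network problem on the scanner host, which a browser on another machine reaching the proxy could not reveal. The hypothetical helper `probe_proxy` below sends one CONNECT through the proxy from the host it runs on and classifies how far the request got.

```ruby
require 'socket'

# Hypothetical helper, not part of Arachni. Sends one CONNECT through an HTTP
# proxy from this host and reports how far it got:
#   :tcp_unreachable - no TCP connection to the proxy (routing, firewall, port)
#   :no_reply        - connected, but the proxy sent nothing before the timeout
#   :not_http        - something answered, but not with an HTTP status line
#   :proxy_rejected  - proxy answered CONNECT with a non-2xx status
#   :tunnel_ok       - proxy answered 2xx, so HTTPS traffic can be tunnelled
def probe_proxy(proxy_host, proxy_port, target_host, target_port = 443, timeout: 5)
  sock = begin
    Socket.tcp(proxy_host, proxy_port, connect_timeout: timeout)
  rescue SystemCallError, SocketError, IOError
    return :tcp_unreachable
  end

  begin
    authority = "#{target_host}:#{target_port}"
    sock.write("CONNECT #{authority} HTTP/1.1\r\nHost: #{authority}\r\n\r\n")
    # Wait for the first bytes of the reply instead of blocking forever.
    return :no_reply unless IO.select([sock], nil, nil, timeout)

    status = sock.readpartial(1024)[%r{\AHTTP/\d\.\d (\d{3})}, 1]
    return :not_http if status.nil?

    status.start_with?('2') ? :tunnel_ok : :proxy_rejected
  rescue EOFError, SystemCallError
    :no_reply # peer closed or reset the connection without answering
  ensure
    sock.close
  end
end

# Usage: ruby probe_proxy.rb PROXY_HOST PROXY_PORT TARGET_HOST
if __FILE__ == $PROGRAM_NAME && ARGV.size == 3
  puts probe_proxy(ARGV[0], Integer(ARGV[1]), ARGV[2])
end
```

Run it on the machine that runs the scanner, not on the one where the browser test succeeded; a `:tcp_unreachable` or `:no_reply` result there points at the network path or the proxy listener rather than at the scanner options.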