Re: [W3af-users] Certificate authentication

2011-10-08 Thread Desmond
Hi, Thanks! Was fiddling with it last night and am impressed by the functions it provide for web pentest! :) Sent from my iPhone On Oct 7, 2011, at 9:20 PM, Raul Siles wrote: > Hi, > I strongly recommend all you to use OWASP ZAP instead of Webscarab for > any client certificate or smartcard s

Re: [W3af-users] Certificate authentication

2011-10-07 Thread Raul Siles
Hi, I strongly recommend all you to use OWASP ZAP instead of Webscarab for any client certificate or smartcard support, as new features and bugs are being fixed with newer versions. Cheers, -- Raul Siles - www.raulsiles.com Founder & Senior Security Analyst Taddong (www.taddong.com) On Fri, Oc

Re: [W3af-users] Certificate authentication

2011-10-07 Thread DC
> pUm escribió: > > Hey, > > > > if you need a client certificate authentication via ssl (that's what > > it is about, or? :P), than you can use webscarab and configure it as a > > proxy. Point w3af to use webscarab proxy and configure webscarab to > > use your certificate (Tools -> Certificates -

Re: [W3af-users] Certificate authentication

2009-06-09 Thread cesar bourlot
Exellent idea, ill use it next time. Thnxs a lot. C.- On Tue, Jun 9, 2009 at 12:15 PM, pUm wrote: > Hey, > > if you need a client certificate authentication via ssl (that's what > it is about, or? :P), than you can use webscarab and configure it as a > proxy. Point w3af to use webscarab proxy

Re: [W3af-users] Certificate authentication

2009-06-09 Thread Marcos Orallo Rodríguez
Thank you! I had just finished configuring webscarab with the client certificate for manual testing. I didn't think of using it for w3af too (duh!) :-) pUm escribió: > Hey, > > if you need a client certificate authentication via ssl (that's what > it is about, or? :P), than you can use webscarab a

Re: [W3af-users] Certificate authentication

2009-06-09 Thread pUm
Hey, if you need a client certificate authentication via ssl (that's what it is about, or? :P), than you can use webscarab and configure it as a proxy. Point w3af to use webscarab proxy and configure webscarab to use your certificate (Tools -> Certificates -> Add Key Store). I come to this point

Re: [W3af-users] Certificate authentication

2009-06-09 Thread cesar bourlot
Hi Marcos, I didn't ... You can do a tunnel from localhost to the real target, but apache at server side still ask you for a certificate. Sorry. I finally disable dual (client side) authentication for testing purposes and then enable it later. I plan to continue Andres work some time. Cheers. C.-

Re: [W3af-users] Certificate authentication

2009-06-09 Thread Marcos Orallo Rodríguez
Hi list! cesar bourlot escribió: On Thu, Feb 19, 2009 at 6:32 PM, Andres Riancho wrote: Cesar, 2009/2/19 cesar bourlot : > Hi list, this is my first post, please forgive my poor english. > > I'm having problems with dual SSL aut

Re: [W3af-users] Certificate authentication

2009-02-20 Thread cesar bourlot
Thanks Andres by your fast reply. I'll try your idea. Cheers. On Thu, Feb 19, 2009 at 6:32 PM, Andres Riancho wrote: > Cesar, > > 2009/2/19 cesar bourlot : > > Hi list, this is my first post, please forgive my poor english. > > > > I'm having problems with dual SSL authentication (client side).

Re: [W3af-users] Certificate authentication

2009-02-19 Thread Andres Riancho
Cesar, 2009/2/19 cesar bourlot : > Hi list, this is my first post, please forgive my poor english. > > I'm having problems with dual SSL authentication (client side). > I put my cert.pem and my key.pem in every place I find like > ./core/data/url/handlers/certHTTPSHandler.py:key_file = > "/hom

[W3af-users] Certificate authentication

2009-02-19 Thread cesar bourlot
Hi list, this is my first post, please forgive my poor english. I'm having problems with dual SSL authentication (client side). I put my cert.pem and my key.pem in every place I find like ./core/data/url/handlers/certHTTPSHandler.py:key_file = "/home/nn/key.pem" ./core/data/url/handlers/certHT