Hey, if you need a client certificate authentication via ssl (that's what it is about, or? :P), than you can use webscarab and configure it as a proxy. Point w3af to use webscarab proxy and configure webscarab to use your certificate (Tools -> Certificates -> Add Key Store).
I come to this point a few times and webscarab always worked fine for me with my tools. cheers sven 2009/6/9 cesar bourlot <cbour...@gmail.com>: > Hi Marcos, > I didn't ... You can do a tunnel from localhost to the real target, but > apache at server side still ask you for a certificate. > Sorry. I finally disable dual (client side) authentication for testing > purposes and then enable it later. > I plan to continue Andres work some time. > Cheers. > > C.- > > > > On Tue, Jun 9, 2009 at 6:37 AM, Marcos Orallo Rodríguez > <mora...@cert.inteco.es> wrote: >> >> Hi list! >> >> cesar bourlot escribió: >> >> On Thu, Feb 19, 2009 at 6:32 PM, Andres Riancho <andres.rian...@gmail.com> >> wrote: >>> >>> Cesar, >>> >>> 2009/2/19 cesar bourlot <cbour...@gmail.com>: >>> > Hi list, this is my first post, please forgive my poor english. >>> > >>> > I'm having problems with dual SSL authentication (client side). >>> >>> That was a feature that I never finished and that won't be finished >>> for a long time :( >>> I think that you should use http://127.0.0.1:3333/ as your target in >>> w3af, and create a tunnel from 3333:localhost to real_target.tld:443 >> >> Sorry for bringing back this old thread, but I find myself in a similar >> situation. Cesar, did you succeed in using the solution proposed by Andres? >> How did you create the tunnel? >> >> I would greatly appreciate any tips. Thanks! >> >> Marcos Orallo. >> >> >> >> ------------------------------------------------------------------------------ >> Crystal Reports - New Free Runtime and 30 Day Trial >> Check out the new simplified licensing option that enables unlimited >> royalty-free distribution of the report engine for externally facing >> server and web deployment. >> http://p.sf.net/sfu/businessobjects >> _______________________________________________ >> W3af-users mailing list >> W3af-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/w3af-users >> > > > > -- > Cesar R. Bourlot > > > ------------------------------------------------------------------------------ > Crystal Reports - New Free Runtime and 30 Day Trial > Check out the new simplified licensing option that enables unlimited > royalty-free distribution of the report engine for externally facing > server and web deployment. > http://p.sf.net/sfu/businessobjects > _______________________________________________ > W3af-users mailing list > W3af-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/w3af-users > > ------------------------------------------------------------------------------ Crystal Reports - New Free Runtime and 30 Day Trial Check out the new simplified licensing option that enables unlimited royalty-free distribution of the report engine for externally facing server and web deployment. http://p.sf.net/sfu/businessobjects _______________________________________________ W3af-users mailing list W3af-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/w3af-users
