Thank you! I had just finished configuring webscarab with the client certificate for manual testing. I didn't think of using it for w3af too (duh!) :-)
pUm escribió: > Hey, > > if you need a client certificate authentication via ssl (that's what > it is about, or? :P), than you can use webscarab and configure it as a > proxy. Point w3af to use webscarab proxy and configure webscarab to > use your certificate (Tools -> Certificates -> Add Key Store). > > I come to this point a few times and webscarab always worked fine for > me with my tools. > > cheers > > sven > > 2009/6/9 cesar bourlot <cbour...@gmail.com>: > >> Hi Marcos, >> I didn't ... You can do a tunnel from localhost to the real target, but >> apache at server side still ask you for a certificate. >> Sorry. I finally disable dual (client side) authentication for testing >> purposes and then enable it later. >> I plan to continue Andres work some time. >> Cheers. >> >> C.- >> >> >> >> On Tue, Jun 9, 2009 at 6:37 AM, Marcos Orallo Rodríguez >> <mora...@cert.inteco.es> wrote: >> >>> Hi list! >>> >>> cesar bourlot escribió: >>> >>> On Thu, Feb 19, 2009 at 6:32 PM, Andres Riancho <andres.rian...@gmail.com> >>> wrote: >>> >>>> Cesar, >>>> >>>> 2009/2/19 cesar bourlot <cbour...@gmail.com>: >>>> >>>>> Hi list, this is my first post, please forgive my poor english. >>>>> >>>>> I'm having problems with dual SSL authentication (client side). >>>>> >>>> That was a feature that I never finished and that won't be finished >>>> for a long time :( >>>> I think that you should use http://127.0.0.1:3333/ as your target in >>>> w3af, and create a tunnel from 3333:localhost to real_target.tld:443 >>>> >>> Sorry for bringing back this old thread, but I find myself in a similar >>> situation. Cesar, did you succeed in using the solution proposed by Andres? >>> How did you create the tunnel? >>> >>> I would greatly appreciate any tips. Thanks! >>> >>> Marcos Orallo. >>> >>> >>> >>> ------------------------------------------------------------------------------ >>> Crystal Reports - New Free Runtime and 30 Day Trial >>> Check out the new simplified licensing option that enables unlimited >>> royalty-free distribution of the report engine for externally facing >>> server and web deployment. >>> http://p.sf.net/sfu/businessobjects >>> _______________________________________________ >>> W3af-users mailing list >>> W3af-users@lists.sourceforge.net >>> https://lists.sourceforge.net/lists/listinfo/w3af-users >>> >>> >> >> -- >> Cesar R. Bourlot >> >> >> ------------------------------------------------------------------------------ >> Crystal Reports - New Free Runtime and 30 Day Trial >> Check out the new simplified licensing option that enables unlimited >> royalty-free distribution of the report engine for externally facing >> server and web deployment. >> http://p.sf.net/sfu/businessobjects >> _______________________________________________ >> W3af-users mailing list >> W3af-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/w3af-users >> >> >> ------------------------------------------------------------------------------ Crystal Reports - New Free Runtime and 30 Day Trial Check out the new simplified licensing option that enables unlimited royalty-free distribution of the report engine for externally facing server and web deployment. http://p.sf.net/sfu/businessobjects _______________________________________________ W3af-users mailing list W3af-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/w3af-users
