Running WeBaCoo over HTTPS through proxy
Anestis Bechtsoudis (http://bechtsoudis.com), Tue, 20 Dec 2011 14:07:35 +0000

Recently I got a bunch of emails asking how to run WeBaCoo against HTTPS websites. The current 0.2 version does not support the SSL/TLS protocols, but you can use its built-in proxy support combined with tools that offer proxy features (ZAP, Burp etc.) instead. WeBaCoo can use a web proxy with HTTPS support to establish the secure connection with the web server, and then send its requests and receive the corresponding responses through it. The rest of the article provides a case study using ZAP's proxy support.

 

Initially ZAP is started and configured to run a localhost HTTP proxy on port 8080.

 

With the local proxy listening, WeBaCoo’s proxy support can be used to establish the secure connection with the remote web server.

root@testbed:~# ./webacoo.pl -t -u https://example.com/https_test.php -p 127.0.0.1:8080

 

And here are the requests & responses that ZAP captured:

 

 

 
A. Bechtsoudis
