I have a Java application that only communicates via WebSocket on port 1234. I'd like to use ZAP for some fuzz testing. The thing is, I can't make OWASP ZAP see my application. If I want to add it as a site, it won't let me because I can add only HTTP sites. I can't scan "ws://127.0.0.1:1234". How can I do that? I checked the ZAP Wiki and blogs about adding "websocket sites", but they all added it via HTTP, and I can't do that. I tried a few other tools as well; none seems to work.
Any help is appreciated.
We've got some changes in the pipeline that might make this easier. I'll aim to get back to you asap.
Related
I need to make a website similar to https://hidester.com/proxy/.
My school doesn't have that many protections, just a firewall that blocks access to proxy websites on school computers. I want to self-host something on my network like that where I can put in a website and it will access it for me like a proxy. That way, the proxy is unblocked. I don't want to use any chrome extensions or system software. Does software like that exist already on GitHub or if not, how would I go about making something like that using nodejs or nginx?
alloyproxy, nodeunblocker, pydodge, and powermouse. There are more, but these are easy to set up and I use them on my site. My sites are hopelessjourney.ga and hopefuljourney.cf
I have already developed Selenium code to perform web application testing, but I need to perform security testing for the same application. Please suggest how to perform security testing with Selenium code.
Please help me integrate Selenium with ZAP.
Proxy your Selenium tests through ZAP and then use ZAP to test your app.
Exploring apps effectively is always a challenge for automated scanners, but a good set of Selenium tests is a great way to teach a scanner like ZAP about how your app works. You can either not bother using the ZAP Spiders or just use them to catch areas of your app that don't have enough tests. By proxying your tests via ZAP you will automatically get passive scanning, and once they have finished you can use active scanning to run the more aggressive attacks.
ZAP has a very powerful API so can be completely automated for this sort of testing.
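The workflow described in this answer, sketched as an added example (not code from the original answer or from the ZAP project): Selenium tests run through the ZAP proxy, the script waits for passive scanning to drain, starts an active scan through the JSON API, and returns the alerts that should fail a build. The ZAP address, API key, target URL and the `run_tests` callback are assumptions to replace with your own.

```python
import json
import time
import urllib.parse
import urllib.request

ZAP = "http://127.0.0.1:8080"      # assumed ZAP proxy/API address
API_KEY = "changeme"               # placeholder; use your own ZAP API key
RISK_ORDER = ["Informational", "Low", "Medium", "High"]

def zap_url(component, kind, name, **params):
    """Build a ZAP JSON API URL, e.g. /JSON/ascan/action/scan/?url=..."""
    query = urllib.parse.urlencode(params)
    return f"{ZAP}/JSON/{component}/{kind}/{name}/?{query}"

def zap(component, kind, name, **params):
    """Call the ZAP API and return the decoded JSON response."""
    req = urllib.request.Request(zap_url(component, kind, name, **params),
                                 headers={"X-ZAP-API-Key": API_KEY})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def proxied_driver():
    """Chrome routed through ZAP so every test request is recorded."""
    from selenium import webdriver  # lazy import; needs selenium installed
    opts = webdriver.ChromeOptions()
    opts.add_argument(f"--proxy-server={ZAP}")
    opts.add_argument("--proxy-bypass-list=<-loopback>")  # proxy localhost too
    opts.accept_insecure_certs = True  # ZAP re-signs TLS with its own CA
    return webdriver.Chrome(options=opts)

def failing_alerts(alerts, threshold="High"):
    """Return the alerts whose risk is at or above the threshold."""
    floor = RISK_ORDER.index(threshold)
    return [a for a in alerts if RISK_ORDER.index(a["risk"]) >= floor]

def scan_after_tests(target, run_tests, threshold="High"):
    """Run the Selenium suite via ZAP, then active-scan what it visited."""
    driver = proxied_driver()
    try:
        run_tests(driver)            # your existing Selenium suite
    finally:
        driver.quit()
    while int(zap("pscan", "view", "recordsToScan")["recordsToScan"]) > 0:
        time.sleep(2)                # let passive scanning drain
    scan_id = zap("ascan", "action", "scan", url=target, recurse="true")["scan"]
    while int(zap("ascan", "view", "status", scanId=scan_id)["status"]) < 100:
        time.sleep(5)                # poll until the active scan completes
    alerts = zap("core", "view", "alerts", baseurl=target)["alerts"]
    return failing_alerts(alerts, threshold)
```

In CI, call `scan_after_tests` against a test instance you own and fail the job when the returned list is non-empty.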
I am working on a web app which uses JSF. I would like to know what the best practices and available tools are for performing a load test on it.
The application is hosted on GlassFish Server 3.1.2.2.
Depends somewhat on the site you want to test. At work we have a complex RIA, and to test it we have to reproduce user interaction. We use jMeter for this.
It's kind of messy to set up (look at the guides they have) but once this is done it's very flexible and allows you to configure and tweak many things. I particularly like its "proxy" feature where you can proxy your app through jMeter and it records everything so you can play it back later on. Note that for JSF you have to do some tricks with the ViewStateId, so google a "jmeter JSF" guide for how to set this up.
In a previous project I used RadView WebLOAD to test a JSF site; it enables recording the user scenario and handles correlating the dynamic values.
I'm trying to use UnboundID's LDAP SDK to fetch contacts present on an LDAP server.
I'm using the VirtualListView (VLV) control along with server-side sort in my code, and this code works perfectly fine when I test with an LDAP server configured in my organization.
However, I wanted to set up a local server, add certain contacts/entries to it, and test my code with that server. For this, I used OpenLDAP and configured it on Ubuntu 10.04 using instructions from this link: http://www.ghacks.net/2010/08/31/set-up-your-ldap-server-on-ubuntu-10-04/
Now, when I tried getting the contacts, my code does not work, as the server I've set up does not support VLV. When I perform a simple search, i.e. without any VLV or other paging technique, I am able to see the results. This means the server is working fine, but not supporting the VLV control.
So what I need to know is: how can I enable support for VLV or any other required controls on my server?
Please do let me know if anyone knows how to achieve this. Hours of googling haven't led to any promising results :(
Thanks & Regards,
Kiran
Question is off topic, should be on serverfault.com, but you have to load, enable, and configure the SSSVLV overlay.
Forget that blog, and all random Internet blogs while you're at it. Have a good look at the OpenLDAP Admin Guide itself, which is where you should have started. I can also recommend a really good reference here, but only because I've used it extensively, not just because Google said so.
Do you know any node.js application that does something similar to http://olark.com? Not necessarily for multiple websites; I just need it for a single domain.
I just want to install it myself on heroku and run chat customer support for my website on it.
Thanks,
Michal
Try out opensource-olark. I built it for my own use - it may be useful to you. It is not entirely based on Nodejs, but it works exactly like Olark. It uses strophe.js, an XMPP push-based library for Jabber which works with BOSH.
Try http://www.vivocha.com, based on node.js.
It's very simple to use and you can integrate it with other applications via API (with CRMs and ticketing systems, for example).
This platform, with only one line of code on your website, allows you to configure all the widgets, without other tech skills needed.
Also, you can add voice to your website, so you can call with your visitors directly on your web pages.
There are open source tools that you can check out, like:
http://nowjs.com
http://www.socketstream.org
They allow you to incorporate realtime features into your nodejs app & you can probably have a very simplified olark-type app in just a couple lines of code.