OWASP Zed Attack Proxy Setup Error, Connection Reset - security

I am trying to set up Zed Attack Proxy with Firefox to scan my web application. For some reason, following the steps in their guide didn't work: https://youtu.be/Xp_PBH7wjiw
Firefox keeps giving a "The connection was reset" error. It's not just for my website though, I can't even open google.com without it giving the "connection was reset" error. Any help would be appreciated.

Have a look at this FAQ https://github.com/zaproxy/zaproxy/wiki/FAQhelp
Can you proxy HTTP traffic, i.e. is it just HTTPS traffic that fails?
Have you imported the ZAP root certificate?
Are there any errors in the zap.log file?
Cheers,
Simon (ZAP Project Lead)

Related

Access internet via Apache2 ProxyPass

Recently, I made a setup where I pointed some websites to a redirect server. The redirect server in return served the website requests using ProxyPass directive of Apache2. It worked like a charm without even a single problem for my websites.
So, based on that I have got an idea to access internet via Apache2. Please note that this is because I do not have access to fast internet and every internet provider is so lousy and lame here to provide better connection speeds even for the lot of money I pay to them.
Now, https has better speeds than VPN.
So, the idea is to get rid of VPN and SSH tunnel redirects and instead, resolve every domain on my Mac to a single server IP address which should be a redirect server and which can in turn bring me back every web request made from my Mac. Possible? This will make me always use https to my own redirect server. https has better speed than VPN for me whenever I try, and when I am on VPN things are too slow for me, maybe because of the level of encryption. Please note that I do not want a solution using PPTP, L2TP or anything else which is lighter than OpenVPN (using Pritunl).
Please let me know if anything like that is possible and if yes then how.
Even if it does not work, my mind always gets this idea every time. I just want someone to shed light on this and shut down my idea if it's the worst by far. Thanks in advance.
Also, I have seen some proxy sites where I put any website link on their website and their website works like a browser, as if I am surfing on their remote server itself. Maybe something like that can be useful and speedy for me. But, I do not want to use them because I do not trust those sites for security. No way.
Got a solution myself without any kind of VPN.
Actually I needed to make my DNS secure and connections to my server Apps secure. So, for that I tried DNSCrypt-Proxy and it's working great and resolving my DNS queries on HTTPS (443).
And, I am using an Addon on Chrome for "Always https" connections. I am blocking every request on http for Chrome using that Addon. Perfect!!!
So, now all surfing traffic on my Mac is going on HTTPS and is perfectly safe from hackers. I do not care for any other connections made by my other Mac Apps. I just care for security of my Apps while I am surfing them OR any payments I am making for shopping.
DNSCrypt-Proxy:
Please go to https://dnscrypt.org/#dnscrypt-osx and you will find all the help there on how to install and run it on your Mac.
brew install dnscrypt-proxy --with-plugins
sudo dnscrypt-proxy --ephemeral-keys --resolver-name=cisco
^ You can find the resolver name in the Excel sheet that comes with this package.
And, just add an entry in your Network interfaces for DNS to point to 127.0.0.1. Please note that you should remove all other entries.
"Always HTTPS for Chrome":
https://chrome.google.com/webstore/detail/https-everywhere/gcbommkclmclpchllfjekcdonpmejbdp?hl=en
Enjoy perfect security on your Mac, if you do not care about IP address anonymity. Always use legal stuff!!!

IIS 7.5 SSL error “ssl_error_rx_record_too_long” with Self-signed certificate

Basic info:
- I hosted my app in IIS7.5
- I created a new "Self-signed certificate" in IIS
- Site Bindings: type: https, port: 443, ip: *
- IIS 6 Management Compatibility -> enabled
- https://localhost:443 -> does not work
- sslFlags - ssl or ssl128 -> does not work
SSL received a record that exceeded the maximum permissible length.
(Error code: ssl_error_rx_record_too_long)
When I navigate to the web page, I get the SSL error, but when I change https to http I can access the page just fine.
Can anyone tell me how I should resolve this problem?
I googled on this topic a little bit, but none of the results give a solution.
How can I access the page using https?
Thank you
This kind of strange error occurs sometimes if the SSL stack tries to interpret non-SSL data as SSL. Please check that both sides really do SSL, packet sniffing with wireshark or so could help.
There is a possibility that you have not created the SSL cert properly. Are you able to browse the non-SSL port?
Verify the SSL cert. If you need to, you can refer to either
http://dotnetstock.com/technical/how-to-generate-self-signed-certificate-from-iis-8
or
http://www.akadia.com/services/ssh_test_certificate.html
Thank you for your answers!
I have done everything according to these instructions:
http://www.robbagby.com/iis/self-signed-certificates-on-iis-7-the-easy-way-and-the-most-effective-way/
Everything works ;)
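The first answer above explains the symptom: the browser reads the first five bytes of the reply as a TLS record header, and plaintext HTTP decodes to an impossibly large record length. This added example (not from the thread) classifies captured first bytes from the server, e.g. taken from a Wireshark capture as suggested, and shows why "HTTP/" triggers ssl_error_rx_record_too_long.

```python
"""Classify the first bytes a server returns on the HTTPS port.

A TLS client reads a 5-byte record header (type, version, 2-byte length).
If a plaintext HTTP server answers instead, those bytes are ASCII text and
decode to a record length above the TLS limit, which Firefox reports as
ssl_error_rx_record_too_long.  Feed this the first bytes of the server's
reply from a packet capture.
"""
import struct

TLS_MAX_RECORD_LEN = 2 ** 14 + 2048          # RFC 5246, TLSCiphertext.length limit
TLS_CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                     22: "handshake", 23: "application_data"}


def classify_server_reply(data: bytes) -> dict:
    """Describe the first bytes and say whether a TLS client would accept them."""
    if len(data) < 5:
        return {"kind": "short", "ok": False, "reason": "fewer than 5 bytes received"}
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    info = {"kind": "tls", "content_type": TLS_CONTENT_TYPES.get(ctype, "unknown"),
            "version": f"{major}.{minor}", "declared_length": length, "ok": False, "reason": ""}
    if ctype in TLS_CONTENT_TYPES and major == 3 and length <= TLS_MAX_RECORD_LEN:
        info["ok"] = True
        return info
    if data.startswith(b"HTTP/"):
        # A web server answering plain HTTP on :443 -> "HTTP/" parses as type 0x48,
        # version 84.84, length 0x502F = 20527 > 18432: the record-too-long symptom.
        info["kind"] = "plaintext_http"
        info["reason"] = f"plaintext HTTP on the TLS port; bytes 3-4 read as length {length}"
    elif length > TLS_MAX_RECORD_LEN:
        info["reason"] = f"declared length {length} exceeds {TLS_MAX_RECORD_LEN} (ssl_error_rx_record_too_long)"
    else:
        info["reason"] = "first bytes are not a TLS record header"
    return info


if __name__ == "__main__":
    # Constructed samples: a real ServerHello record header and a plaintext HTTP reply.
    for sample in (bytes.fromhex("160303004a"), b"HTTP/1.1 400 Bad Request\r\n"):
        print(sample[:5], classify_server_reply(sample))
```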

SSL certificate error for IE users only

I recently migrated to a new server (CentOS with plesk 11.0) and installed a new SSL certificate for my domain.
Problem now is that any IE user has the error "there is a problem with this website's security certificate" when they try to access the secure area of my site.
I've tested all main configurations - MAC/Windows/mobile plus browsers: FF,Chrome,Safari,Opera,IE and the only combination that gives me this problem is IE on windows. IE 11 works fine, all previous versions (the majority) come up with this error.
Where do I start? I can find no problem with the installation and this is obviously denting confidence in my site.
There are some known issues with IE and Certificates. Check these threads.
1) https://superuser.com/questions/379601/internet-explorer-refuses-to-connect-to-sites-with-untrusted-ssl-certificates
2) IE8 SSL Cert Problems while other browsers work like a charm
I found a workaround for this issue. It is necessary to run an HTTPS proxy which will accept the certificate for Internet Explorer. I use a Python HTTP/HTTPS proxy, proxpy. You should point to the required certificate file in core.py: DEFAULT_CERT_FILE = "./cert/ncerts/proxpy.pem". So you need to use proxy settings in Internet Explorer. It is 127.0.0.1:8080 for ProxyPy by default.

Neo4j running behind proxy on IIS

What's required to set up Neo4j behind an IIS proxy server?
I am running into the issue listed here: https://github.com/neo4j/neo4j/issues/112
Error message (Chrome console):
displayed insecure content from http://xyz:7474/db/data/?=1363713541737
xyz is the server name.
Thanks
Considering the GitHub issue is still open, you can assume that this is not currently supported and no workaround has been supplied by Neo.
If you want to persist ahead, you will need to rewrite the content passing through the proxy.

FBML apps fail under HTTPS

When setting in the developer console a secure url (https), and trying to load the canvas under facebook:
https://apps.facebook.com/fanta-seriea/
I get an error saying that Facebook received an empty response.
Am I doing something wrong? The certificate is all right:
https://fanta-seriea.com
So why is this happening?
L.
"If you enable SSL for your FBML app, please make sure that your SSL certificate includes all intermediate certificates in the chain of trust as our SSL validation is strict. You can use third-party SSL analysis tools (e.g., https://www.ssllabs.com/index.html) to check your certificate status and fix any errors (and warnings). If your SSL certificate has problems, you may see "Empty response received" error when you load your FBML canvas app."
From https://developers.facebook.com/blog/post/567/
Sorry for the off-topic comment.
New Developer Roadmap says that FBML will die on 1st June 2012. Better go on iframe mode.
Have you definitely added a secure canvas URL in your app configuration? On the developer app, go to edit your app and under basic settings you should have URLs in both 'Canvas URL' and 'Secure Canvas URL'
I'm showing the HTTPS version as resolving correctly (although it doesn't fail gracefully if you access that url directly, it pukes errors all over the place) - https://www.fanta-seriea.com/fbfsapro/ - but when I try to access the HTTPS version of the canvas app, it redirects me back to the HTTP version. Is the SSL url set correctly in the SSL url section of your application settings?
You are referencing non-secure assets on that page. Facebook may be providing you with an invalid error message.
You should relativize all URLs that are simple assets.
If you need assets from other domains that are not yours, you can use protocol-relative URLs: http://paulirish.com/2010/the-protocol-relative-url/
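The Neo4j thread's "rewrite the content passing through the proxy" and this thread's advice to relativize same-site assets and use protocol-relative URLs for third-party ones come down to the same rewrite. The following is an added example, not code from either thread; the hosts graph.example.com and cdn.example.net are placeholders.

```python
"""Rewrite absolute http:// references so an HTTPS page stops producing
mixed-content warnings.  Two cases: a reverse proxy whose backend (Neo4j on
:7474) writes its own http://host:port origin into bodies, and a canvas page
that hard-codes http:// asset URLs (same-site -> relative, foreign -> //host).
"""
import re
from urllib.parse import urlsplit, urlunsplit

# Only tags whose URL the browser fetches automatically count as "simple assets".
ASSET_RE = re.compile(
    r'(?P<head><(?:img|script|iframe|source|link|embed)\b[^>]*?\b(?:src|href)=)'
    r'(?P<q>["\'])(?P<url>http://[^"\']+)(?P=q)', re.IGNORECASE)
BARE_URL_RE = re.compile(r'http://[^\s"\'<>]+')


def rewrite_url(url, own_hosts, upstream_map=None):
    """Return a mixed-content-safe form of one absolute http:// URL."""
    p = urlsplit(url)
    if p.scheme.lower() != "http":
        return url                       # https, data:, etc. are already fine
    if upstream_map and p.netloc in upstream_map:
        # Proxy case: swap the backend origin for the public HTTPS origin.
        return urlunsplit(("https", upstream_map[p.netloc], p.path, p.query, p.fragment))
    if p.netloc in own_hosts:
        # Same-site asset: a relative URL inherits the page's scheme.
        return urlunsplit(("", "", p.path or "/", p.query, p.fragment))
    # Third-party asset: protocol-relative URL (//cdn.example.net/...).
    return urlunsplit(("", p.netloc, p.path, p.query, p.fragment))


def rewrite_html(html, own_hosts, upstream_map=None):
    """Rewrite http:// URLs in asset attributes; plain <a href> links are left alone."""
    def sub(m):
        return m["head"] + m["q"] + rewrite_url(m["url"], own_hosts, upstream_map) + m["q"]
    return ASSET_RE.sub(sub, html)


def rewrite_text(body, upstream_map):
    """For JSON/text bodies passing through the proxy: rewrite only mapped backend origins."""
    def sub(m):
        url = m.group(0)
        return rewrite_url(url, set(), upstream_map) if urlsplit(url).netloc in upstream_map else url
    return BARE_URL_RE.sub(sub, body)


if __name__ == "__main__":
    # Constructed samples; graph.example.com and cdn.example.net are placeholders.
    print(rewrite_text('{"data": "http://xyz:7474/db/data/?=1363713541737"}', {"xyz:7474": "graph.example.com"}))
    print(rewrite_html('<script src="http://cdn.example.net/lib.js"></script>', {"www.fanta-seriea.com"}))
```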
