Is HTTP Server API in Windows OS (https://learn.microsoft.com/en-us/windows/win32/http/http-api-start-page) still maintained. I see it supports only till SSLv3 as mentioned in the link https://learn.microsoft.com/en-us/windows/win32/http/http-server-api-features. Can it be made to work with TLS1.2. Thank You
Related
Currently if I scan(from both UI and CLI) using ZAProxy it sends HTTPS Traffic using HTTP1.1 version, Do we have any Support or Workaround to send HTTPS Traffic using HTTP2.0 version in ZAProxy.
Any help on this is much appreciated
No ZAProxy does not support HTTP/2 at this time.
The Paros networking layer used by ZAP is old, and lacks support of modern options such as HTTP/2. They planned to replace this but there is no ETA as of now.
refer the thread : https://github.com/zaproxy/zaproxy/issues/1765
My websites are https and my hosting company says my server is http2 enabled and functioning correctly. However, when I check my sites they are always utilizing the http1.1 protocol. I have contacted tech support and they say http2 is working and even sent me a screen shot to prove it.
I have tested both of my computers via my home internet and my mobile hotspot on both Firefox and Chrome. I have also tested with my ESET antivirus disabled. It always shows http1.1 via the Network Tab Protocol Column. I also have some site testing tools tell me http2 is function and others say that http2 isn't functioning.
I am looking for a cause-solution and my hosting provider is giving me nothing to work with. They almost act as if they have something to hide.
I am on a shared hosting plan. Apache Version 2.4.33. Anyone have any thoughts?
Additional Details:
I checked 3 http/2 site checking tools and all 3 said my server/website supports http/2. In addition to Chrome and Firefox Network tabs showing http/1.1, Chrome lighthouse(via DevTools > Audits Tab) says my site is not utilizing http/2.
Via Hosting Tech Support:
There is no load balancer, prefork MPM, and nothing in front of server.
Via https://www.ssllabs.com/ssltest
ALPN = Yes (h2 http/1.1)
Cipher = This server accepts RC4 cipher, but only with older protocols
Site URL:
https://spinerealignment.com
I have an old VB app that uses the Microsoft Internet Transfer Control (or Inet) to read info from a web page over HTTPS. It is installed on a number of Windows 10 machines and it works fine on all of them except for one. On this machine, when the call is made over HTTPS, the response comes back blank. The request never makes it to the web server because there is no entry for it in the IIS logs. Calls over HTTP to the same URL work just fine, only the HTTPS call has this problem.
I suspect the problem is with TLS 1.0. That protocol is disabled on the web server. I'm aware that older browsers, including old versions of IE, require TLS 1.0. Is there a setting that controls whether Inet can support TLS 1.1+? I did check Internet Options and "Use TLS 1.1" and "Use TLS 1.2" are already checked, so maybe these settings don't apply to Inet and I need to look elsewhere. Or is the problem something else?
Here is the code that uses Inet to make the HTTPS call. It's pretty straightforward.
response = Inet1.OpenURL("https://my_site/some_page")
' response is blank
I had the same issue. Experimenting with internet properties I found that unchecking "Use HTTP 1.1", leave "HTTP 1.1 through proxy connections" checked, fixes the problem. Have to close your program and restart it if you make the change while it's running. Don't have to reboot your PC. Hope this helps
if you disabled the TLS 1.0 in the WebServer then it will not work in the machines those are supported till TLS 1.0.
VB browser uses IE7 by default. If the HTTPS link works on the machine regular browser then you need to check for document mode settings otherwise you need to enable TLS 1.0 in the webserver.
I trying to implement chat application using websockets.But the problem is , it is working only with safari 5. When am trying to execute in Firefox v14 or Chrome v21 ,am getting the error "Unsupported Websocket version: 13".I think these versions of Firefox and Chrome supports Websockets but i dont know to eliminate that error.
http://angelozerr.wordpress.com/2011/07/23/websockets_jetty_step1/ From this URL i wrote source code chat App.
Please help me.
Thanks in Advance.
Safari 5 supports only a legacy draft version of WebSocket. All of the current versions of the other browsers (including safari 6) support the final RFC 6455 version (which is version 13). It is likely that the websocket server that you are using only supports draft spec clients. You may need to upgrade to the latest version of your server software/library or otherwise double check that your websocket server supports RFC6455.
Does anyone have a websocket connection working with an application proxy (e.g. burp or zap)?
For example, I have a working version of jWebSockets with works perfectly on my local machine.
However, when I intercept with Burp or Zap the connection times out and I get no server response back.
I have increased the timeout settings on the server side but this does not make a difference.
I have also tried using the invisible proxy option.
Thank you.
There are very few tools that support web sockets right now as its really a completely new protocol.
The current version of ZAP (1.4.1) wont, but the next major version will: http://code.google.com/p/zaproxy/wiki/GSoC2012_WebSockets
If you can build ZAP from the trunk then it will support web sockets - build instructions here: http://code.google.com/p/zaproxy/wiki/Building
It will allow you to view web socket traffic, intercept and change it and fuzz it to try and find vulnerabilities.
Let us know if you have any problems with it, eg via the ZAP developer group: http://groups.google.com/group/zaproxy-develop
Simon (ZAP Project Lead).
Update - Web Sockets support in ZAP is now available in the weekly cross-platform releases, which can be downloaded from http://code.google.com/p/zaproxy/downloads/list so you dont have to build it yourself