I am running webscarab from the jar
% java -jar WebScarab-ng-0.2.1.one-jar.jar
For normal websites (http) i am able to analyze the packets using webscarab. But if i enter any secure site (https), say https://www.gmail.com i am unable to view the pages.
I tried generating a certificate file for the site using the instructions from
https://www.owasp.org/index.php/Generating_Custom_SSL_Certificates_for_WebScarab
But still i am unable to view any https webpages.
I have configured proxy in firefox to localhost:8008 for all requests.
In the backend i am getting " incomplete ssl connection?".
You need to give more information. What browser are you using? What is the exact error message you are getting? Is is ALL SSL sites that you cannot access? Have you set the SSL proxy as well as the non-SSL proxy settings in the browser? Is the site using client SSL certificates?
Related
I am using Jmeter 5.4.1 with Java 1_8_301 and Firefox 91.0. I have imported the ApacheJMeterTemporaryRootCA into Firefox browser and this certificate is generated today and valid.
I have set up proxy settings in my Firefox browser. This testing is done on Windows and my web application uses a client certificate which I converted through keytool into PKCS12 format and added the following to the system.properties under Jmeter-Home\bin
My web app is loading fine without proxy but when I try to record getting the below error.
java.net.SocketException: Software caused connection abort: recv failed **ensure browser is set to accept the JMeter proxy certificate**
I am not sure what I am missing here. I have been through all solutions mentioned in this regard and I am exhausted all my options now. I have been successful in recording using BlazeMeter but my company is not allowing me to use the Chrome extension for security reasons.
Note:
Also, I forgot to add that the Jmeter recording working fine before. Started noticing issues after our java
is upgraded from jdk_1.8.291 to jdk_1.8.301. I checked the difference
between the two and both support TLS1.2 which is what our app uses and tried
to downgrade to v291 didn't work either.
Log:
Problem with SSL certificate for URL for 'XXXXX'? Ensure browser is set to accept the JMeter proxy cert: java.net.SocketException: Software caused connection abort: recv failed
It's quite hard to say what's wrong without seeing your jmeter.log file with debug logging enabled for the HTTP(S) Test Script Recorder.
I can think of 2 options:
Double check the way you're importing the certificate into your browser, i.e. try recording a website with HTTPS without client certificate, i.e. https://example.com. If it fails - you will need to properly install the JMeter's certificate prior to proceeding with your application recording
If it will be successful for other HTTPS website but not for the particular your application most probably you need to import your client certificate into Firefox browser as well
As the last resort you can inspect the requests using Firefox "network" tab and generate relevant HTTP Request samplers manually. There is also BlazeMeter JMX Converter service which can transform HAR files into .JMX scripts but I think the same security restrictions will apply.
Any https site will display the "your connection is not private message".
Tryied everything.
cannot surf the web at all, except for http sites.
got installed the jmeter certificate, and still nothing.
I am trying to record my application that sends requests in http, no problem for now but soon we will change to https and this will be a problem
I followed the following steps:
install java, install jmeter, create http recording from template, set proxy on windows machine to localhost:8888, start recording, install the jmeter certificate on web browser (IE and Chrome).
please advice
I have WebAPP and WEBAPI on same server. I have applied SSL certificate on both the sites under same server (both are separate applications under common IIS default website).
Now my point, Can I access same WEBAPI over http instead of https form 3rd intranet application on same server and which is not a secure application?
My intention to not hamper performance for 3rd site which is not secured and on the same server.
Actually It depends on your configuration.
Generally, when you apply SSL on web server your app can now be accessed over http and https both connections.
But, if you have configured it to redirect http version to https using CSP or server end configuration, then you can access http version as all requests will get automatically redirected to https version.
You should read IIS related materials to learn what is site binding. A web site can of course contain multiple bindings, both HTTP and HTTPS, so that clients (like web browsers) can access using both http:// and https://.
https://blogs.technet.microsoft.com/chrad/2010/01/24/understanding-iis-bindings-websites-virtual-directories-and-lastly-application-pools/
I´m running Microstrategy Desktop v. 10.5.0 on Windows 10 and I´m trying to build a few maps. I´m behind a HTTP proxy in the format
http_proxy=http://<user>:<password>#proxy.mycorp.com:8080
https_proxy=http://<user>:<password>#proxy.mycorp.com:8080
and every time I try to start a map I get the message
Unable to download the ESRI map. No Internet connection. You can configure an Internet proxy through you computer´s Settings.
The internet works for all other programs with the same proxy and the ESRI CDN links also work directly on the browser behind the proxy. If I connect to a network outside my work connection and disable the proxy the maps work. Is there a way to make Microstrategy Desktop work behind a proxy?
Can you please look into the following link, You have to check with your network admins and request them to unblock some websites and ports.
https://community.microstrategy.com/t5/Clients-Interfaces/Sporadic-issues-with-ESRI-maps-in-Desktop-10-with-proxy-setting/td-p/248444
We faced the same issue, and we requested our network admin team to do the following :
For simpicity, you could open below configuration in the firewall:
Ports 443 , 80 and 6080
*.arcgis.com, *.esri.com and *.arcgisonline.com
Starting with MicroStrategy Analytics Enterprise 9.4.1 Hotfix 6 and in MicroStrategy 10.X, users are able to configure MicroStrategy Web to send HTTP request to ESRI via internal proxy servers. The following provides the details
Un-authenticated proxy :
If the proxy server does not require authentication, user can go to Web Administration security page and configure the following settigs
Go to Web Administration --> Security Page.
Check "Enable HTTP proxy server"
Fill out the Server address and Server port
enter image description here
Authenticated proxy server
It the proxy server requires authentication , User will need to add in the esriconfig.xml file located under plugins\ConnectorForESRIMap\WEB-INF\xml\config (see sample below).
Note: Restart the web server after this change
<ec> <apps clientToken="true"> <key><![CDATA[------]]></key></apps></ec>
I have successfully created a Let's Encrypt SSL certificate using Lone-Coder's Windows Sample
The SSL certificate has been installed and appears in IIS under Server Certificates.
A HTTPS binding was successfully associated with my site in IIS.
The StaticFile handler mapping is being executed before the ExtensionLess URL Mapper.
When I visit my domain: https://subdomain1.mysite.com I am getting a site not found.
Further information:
I have three sites on this server:
subdomain1.mysite.com (this one has the Let's Encrypt SSL applied)
subdomain2.mysite.com
www.mysite.com
Try deleting and manually adding the binding again. Sometimes it can get miss configured.
Check firewalls.