ashenchowthee / zaproxy

Automatically exported from code.google.com/p/zaproxy

Forced Browsing does not work with SSL Sites using self-signed certs #718

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. Launch browser + ZAP 2.1.0; visit https://dojo-basic
2. Click "Forced Browse" Tab; select the site & wordlist; click "Play" button
3. Wait for scan to complete.  No results

What is the expected output? What do you see instead?
I expect to see some of the directories which were found using the same wordlist (raft-small-directories.txt) when running the stand-alone DirBuster.

What version of the product are you using? On what operating system?
ZAP 2.1.0 on Ubuntu 12.04.2 / Samurai-WTF-2.0

Please provide any additional information below.
Console error log attached appears to indicate a failure to perform an SSL negotiation due to a self-signed certificate.

A similar test, targeting a site with an SSL certificate signed by a known CA, produces the expected results.

Original issue reported on code.google.com by benja...@umn.edu on 8 Jul 2013 at 9:50

GoogleCodeExporter commented 9 years ago
What version of (stand-alone) DirBuster did you use?

Original comment by THC...@gmail.com on 9 Jul 2013 at 1:00

GoogleCodeExporter commented 9 years ago
I'm using DirBuster-1.0 RC1 06/05/2008

Also, for completeness, here's some more info from the system I'm running:
samurai@ubuntu:~$ java -version
java version "1.7.0_21"
OpenJDK Runtime Environment (IcedTea 2.3.9) (7u21-2.3.9-0ubuntu0.12.04.1)
OpenJDK Client VM (build 23.7-b01, mixed mode, sharing)
samurai@ubuntu:~$ uname -a
Linux ubuntu 3.2.0-49-generic-pae #75-Ubuntu SMP Tue Jun 18 18:00:21 UTC 2013 i686 i686 i386 GNU/Linux
samurai@ubuntu:~$ cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=12.04
DISTRIB_CODENAME=precise
DISTRIB_DESCRIPTION="SamuraiWTF 2.0 based on Ubuntu 12.04 LTS"
samurai@ubuntu:~$

For what it's worth, I get the same behavior with ZAP 1.4.0.1.

Original comment by benja...@umn.edu on 10 Jul 2013 at 12:58

GoogleCodeExporter commented 9 years ago
ZAP has been migrated to GitHub.

This issue will be on GitHub issues with the same ID: https://github.com/zaproxy/zaproxy/issues

Original comment by psii...@gmail.com on 5 Jun 2015 at 9:17