While running ACSTIS today on the JS app hosted on Heroku, I happened to get some warnings. Will this affect the scan (I am guessing no)? Is there a way we could ignore them in the ACSTIS script?
I tried scanning other websites and I feel the scanner runs fine, just that I am getting these warnings now. Somehow I did not get these errors the first time I tested this new version (Surprise !!)
[INFO] Looking for AngularJS version using a headless browser.
[INFO] Waiting until DOM is completely loaded.
[INFO] Found AngularJS version 1.5.11.
[INFO] Angular CSTI scanner started.
[INFO] Scanning https://owaspjuiceshop221b.herokuapp.com/#/search
C:\Python27\lib\site-packages\urllib3\connection.py:344: SubjectAltNameWarning: Certificate for owaspjuiceshop221b.herokuapp.com has no subjectAltName, falling back to check for a commonName for now. This feature is being
removed by major browsers and deprecated by RFC 2818. (See https://github.com/shazow/urllib3/issues/497 for details.)
SubjectAltNameWarning
C:\Python27\lib\site-packages\urllib3\connection.py:344: SubjectAltNameWarning: Certificate for owaspjuiceshop221b.herokuapp.com has no subjectAltName, falling back to check for a commonName for now. This feature is being
removed by major browsers and deprecated by RFC 2818. (See https://github.com/shazow/urllib3/issues/497 for details.)
SubjectAltNameWarning
C:\Python27\lib\site-packages\urllib3\connection.py:344: SubjectAltNameWarning: Certificate for owaspjuiceshop221b.herokuapp.com has no subjectAltName, falling back to check for a commonName for now. This feature is being
removed by major browsers and deprecated by RFC 2818. (See https://github.com/shazow/urllib3/issues/497 for details.)
SubjectAltNameWarning
I just fixed this issue in the crawler develop tree. Issue #6 needs to be fixed in the crawler as well. I will release a new version of the crawler as soon as I have fixed #6, then I'll update ACSTIS with the new version of the crawler.
PS Angular-CSTI-Scanner\angularjs-csti-scanner-master> python .\extended.test.py -c -d "https://owaspjuiceshop221b.herokuapp.com/#/search" -tc "Burp_CA_Cert.pem"
Version 3.0.1 - Copyright 2017 Tijme Gommers tijme@finnwea.com
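What the SubjectAltNameWarning in the log above is reporting, as an added example (not code from ACSTIS, its crawler or urllib3): a simplified classifier for a certificate in the dict shape returned by Python's `ssl.SSLSocket.getpeercert()`. The function names, result labels and the sample certificates for `shop.example.test` are constructed for illustration, and only DNS-type subjectAltName entries are considered.

```python
# Added illustration: decide whether a hostname is covered by subjectAltName
# or only by the deprecated commonName fallback. All sample data is constructed.

def _dns_match(pattern, hostname):
    """Label-wise match; '*' is accepted only as the entire left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Refuse wildcards directly under a top-level label (e.g. "*.test").
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def classify_cert(cert, hostname):
    """Return 'san-match', 'san-mismatch', 'cn-fallback' or 'no-match'."""
    dns_names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if dns_names:
        # Once DNS SAN entries exist, commonName is not consulted at all.
        if any(_dns_match(n, hostname) for n in dns_names):
            return "san-match"
        return "san-mismatch"
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn
           if k == "commonName"]
    if any(_dns_match(cn, hostname) for cn in cns):
        # No subjectAltName, name found only in commonName: the situation
        # the warning describes.
        return "cn-fallback"
    return "no-match"


# Constructed certificates in getpeercert() dict form.
CN_ONLY_CERT = {"subject": ((("commonName", "shop.example.test"),),)}
SAN_CERT = {
    "subject": ((("commonName", "shop.example.test"),),),
    "subjectAltName": (("DNS", "example.test"), ("DNS", "*.example.test")),
}
STALE_CN_CERT = {
    "subject": ((("commonName", "shop.example.test"),),),
    "subjectAltName": (("DNS", "other.example.test"),),
}

if __name__ == "__main__":
    for name, cert in [("cn-only", CN_ONLY_CERT), ("san", SAN_CERT),
                       ("stale-cn", STALE_CN_CERT)]:
        print(name, classify_cert(cert, "shop.example.test"))
```

A `cn-fallback` result means the certificate should be reissued with a subjectAltName entry for the host, which addresses the cause of the warning.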