Aaron,

    Well, that's actually a very good question! I haven't used the
spiderman proxy for years, and when I tried now (after reading your
email) I realized that there is no CA being distributed with w3af. The
certificate the w3af is using is at [0], but that's kind of useless to
solve your problem.

    A while ago, and without actually hitting this bug, I was on the
right path [1] to fixing it. Sadly, I'm not a spiderman user, so this
will have low priority on my TODO list (see that I'm working on 1.6.1,
a bug fix release, and [1] is in the 1.8 release).

    If you're interested in working on this issue, I would gladly
help/guide you though each step.

[0] 
https://github.com/andresriancho/w3af/blob/master/w3af/core/controllers/daemons/mitm.crt
[1] https://github.com/andresriancho/w3af/issues/1269#issuecomment-37559070

On Wed, Apr 23, 2014 at 7:43 PM, Aaron Tracy <atr...@gmail.com> wrote:
> Hi!  Is there a tutorial somewhere I can follow on how to setup the SSL
> Certificate Authority (CA) for the spiderman plugin?  When I attempt to
> manually browse my site via the spiderman proxy, I'm presented with the
> "This connection is untrusted" dialog in Firefox and I'm not permitted to
> the SSL pages.  For Metasploit, I used a certificate that it provided for me
> and that worked beautifully for their framework.  Just curious if there's a
> certificate I can install for w3af located somewhere that I can install for
> spiderman or if I can get instructions on how to approach this problem with
> w3af.
>
> Thanks!
>
> --
> Aaron
>
> ------------------------------------------------------------------------------
> Start Your Social Network Today - Download eXo Platform
> Build your Enterprise Intranet with eXo Platform Software
> Java Based Open Source Intranet - Social, Extensible, Cloud Ready
> Get Started Now And Turn Your Intranet Into A Collaboration Platform
> http://p.sf.net/sfu/ExoPlatform
> _______________________________________________
> W3af-users mailing list
> W3af-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/w3af-users
>



-- 
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
Twitter: @w3af
GPG: 0x93C344F3

------------------------------------------------------------------------------
"Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE
Instantly run your Selenium tests across 300+ browser/OS combos.  Get 
unparalleled scalability from the best Selenium testing platform available.
Simple to use. Nothing to install. Get started now for free."
http://p.sf.net/sfu/SauceLabs
_______________________________________________
W3af-users mailing list
W3af-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-users

Reply via email to