Aaron, Well, that's actually a very good question! I haven't used the spiderman proxy for years, and when I tried now (after reading your email) I realized that there is no CA being distributed with w3af. The certificate the w3af is using is at [0], but that's kind of useless to solve your problem.
A while ago, and without actually hitting this bug, I was on the right path [1] to fixing it. Sadly, I'm not a spiderman user, so this will have low priority on my TODO list (see that I'm working on 1.6.1, a bug fix release, and [1] is in the 1.8 release). If you're interested in working on this issue, I would gladly help/guide you though each step. [0] https://github.com/andresriancho/w3af/blob/master/w3af/core/controllers/daemons/mitm.crt [1] https://github.com/andresriancho/w3af/issues/1269#issuecomment-37559070 On Wed, Apr 23, 2014 at 7:43 PM, Aaron Tracy <atr...@gmail.com> wrote: > Hi! Is there a tutorial somewhere I can follow on how to setup the SSL > Certificate Authority (CA) for the spiderman plugin? When I attempt to > manually browse my site via the spiderman proxy, I'm presented with the > "This connection is untrusted" dialog in Firefox and I'm not permitted to > the SSL pages. For Metasploit, I used a certificate that it provided for me > and that worked beautifully for their framework. Just curious if there's a > certificate I can install for w3af located somewhere that I can install for > spiderman or if I can get instructions on how to approach this problem with > w3af. > > Thanks! > > -- > Aaron > > ------------------------------------------------------------------------------ > Start Your Social Network Today - Download eXo Platform > Build your Enterprise Intranet with eXo Platform Software > Java Based Open Source Intranet - Social, Extensible, Cloud Ready > Get Started Now And Turn Your Intranet Into A Collaboration Platform > http://p.sf.net/sfu/ExoPlatform > _______________________________________________ > W3af-users mailing list > W3af-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/w3af-users > -- Andrés Riancho Project Leader at w3af - http://w3af.org/ Web Application Attack and Audit Framework Twitter: @w3af GPG: 0x93C344F3 ------------------------------------------------------------------------------ "Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE Instantly run your Selenium tests across 300+ browser/OS combos. Get unparalleled scalability from the best Selenium testing platform available. Simple to use. Nothing to install. Get started now for free." http://p.sf.net/sfu/SauceLabs _______________________________________________ W3af-users mailing list W3af-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/w3af-users