Aaron,
Thanks for the interest mate :) I believe that the best thing to do is:
* Create a new CA using openssl, add it to the repository
* Use that CA to create a new certificate that will be used
with spiderman
* Write a document here [0] about how to configure your
browser to use spiderman with the new CA/cert
Once that's done, we'll be able to worry about the migration to libmitmproxy
You can send me the code as pull-requests, a guide on how to do it is here:
https://github.com/andresriancho/w3af/wiki/Contributing-101
Let me know if you find issues in the document, potential
improvements, etc. If you get stuck contact me on freenode IRC
(__apr__ is my nickname on #w3af)
[0] https://github.com/andresriancho/w3af/tree/master/doc/sphinx
[1] https://github.com/andresriancho/w3af/issues/1269
On Mon, Apr 28, 2014 at 3:20 PM, Aaron Tracy <atr...@gmail.com> wrote:
> Bring it on Andres! I'll be happy to help out with this! Where do I start?
>
>
> On Mon, Apr 28, 2014 at 7:34 AM, Andres Riancho <andres.rian...@gmail.com>
> wrote:
>>
>> Aaron,
>>
>> Well, that's actually a very good question! I haven't used the
>> spiderman proxy for years, and when I tried now (after reading your
>> email) I realized that there is no CA being distributed with w3af. The
>> certificate the w3af is using is at [0], but that's kind of useless to
>> solve your problem.
>>
>> A while ago, and without actually hitting this bug, I was on the
>> right path [1] to fixing it. Sadly, I'm not a spiderman user, so this
>> will have low priority on my TODO list (see that I'm working on 1.6.1,
>> a bug fix release, and [1] is in the 1.8 release).
>>
>> If you're interested in working on this issue, I would gladly
>> help/guide you though each step.
>>
>> [0]
>> https://github.com/andresriancho/w3af/blob/master/w3af/core/controllers/daemons/mitm.crt
>> [1]
>> https://github.com/andresriancho/w3af/issues/1269#issuecomment-37559070
>>
>> On Wed, Apr 23, 2014 at 7:43 PM, Aaron Tracy <atr...@gmail.com> wrote:
>> > Hi! Is there a tutorial somewhere I can follow on how to setup the SSL
>> > Certificate Authority (CA) for the spiderman plugin? When I attempt to
>> > manually browse my site via the spiderman proxy, I'm presented with the
>> > "This connection is untrusted" dialog in Firefox and I'm not permitted
>> > to
>> > the SSL pages. For Metasploit, I used a certificate that it provided
>> > for me
>> > and that worked beautifully for their framework. Just curious if
>> > there's a
>> > certificate I can install for w3af located somewhere that I can install
>> > for
>> > spiderman or if I can get instructions on how to approach this problem
>> > with
>> > w3af.
>> >
>> > Thanks!
>> >
>> > --
>> > Aaron
>> >
>> >
>> > ------------------------------------------------------------------------------
>> > Start Your Social Network Today - Download eXo Platform
>> > Build your Enterprise Intranet with eXo Platform Software
>> > Java Based Open Source Intranet - Social, Extensible, Cloud Ready
>> > Get Started Now And Turn Your Intranet Into A Collaboration Platform
>> > http://p.sf.net/sfu/ExoPlatform
>> > _______________________________________________
>> > W3af-users mailing list
>> > W3af-users@lists.sourceforge.net
>> > https://lists.sourceforge.net/lists/listinfo/w3af-users
>> >
>>
>>
>>
>> --
>> Andrés Riancho
>> Project Leader at w3af - http://w3af.org/
>> Web Application Attack and Audit Framework
>> Twitter: @w3af
>> GPG: 0x93C344F3
>
>
>
>
> --
> Aaron
--
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
Twitter: @w3af
GPG: 0x93C344F3
------------------------------------------------------------------------------
"Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE
Instantly run your Selenium tests across 300+ browser/OS combos. Get
unparalleled scalability from the best Selenium testing platform available.
Simple to use. Nothing to install. Get started now for free."
http://p.sf.net/sfu/SauceLabs
_______________________________________________
W3af-users mailing list
W3af-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-users
