Hey Andres,
I haven't setup a CA before, but google showed me the following tutorial:
https://codeghar.wordpress.com/2013/04/16/create-private-certificate-authority-on-linux/
I installed openssl and it's working properly on my Mac, however, before I
go too far down this road, I wanted to get a peer review to make sure I'm
on
the right track. If so, I'll need to have the caconfig.cnf file
information
(see the website) for w3af... if I'm totally off track here, help me get
back on track :D
I'm logged into w3af on freenode as tracer2000... :D
Thanks for the Contributing 101 link :D I'm an avid github user so it
made
perfect sense to me :D
Aaron
> On Tue, Apr 29, 2014 at 6:27 AM, Andres Riancho <andres.rian...@gmail.com>
> wrote:
>>
>> Aaron,
>>
>> Thanks for the interest mate :) I believe that the best thing to do
>> is:
>>
>> * Create a new CA using openssl, add it to the repository
>> * Use that CA to create a new certificate that will be used
>> with spiderman
>> * Write a document here [0] about how to configure your
>> browser to use spiderman with the new CA/cert
>>
>> Once that's done, we'll be able to worry about the migration to
>> libmitmproxy
>>
>> You can send me the code as pull-requests, a guide on how to do it is
>> here:
>> https://github.com/andresriancho/w3af/wiki/Contributing-101
>>
>> Let me know if you find issues in the document, potential
>> improvements, etc. If you get stuck contact me on freenode IRC
>> (__apr__ is my nickname on #w3af)
>>
>> [0] https://github.com/andresriancho/w3af/tree/master/doc/sphinx
>> [1] https://github.com/andresriancho/w3af/issues/1269
>>
>> On Mon, Apr 28, 2014 at 3:20 PM, Aaron Tracy <atr...@gmail.com> wrote:
>> > Bring it on Andres! I'll be happy to help out with this! Where do I
>> > start?
>> >
>> >
>> > On Mon, Apr 28, 2014 at 7:34 AM, Andres Riancho
>> > <andres.rian...@gmail.com>
>> > wrote:
>> >>
>> >> Aaron,
>> >>
>> >> Well, that's actually a very good question! I haven't used the
>> >> spiderman proxy for years, and when I tried now (after reading your
>> >> email) I realized that there is no CA being distributed with w3af. The
>> >> certificate the w3af is using is at [0], but that's kind of useless to
>> >> solve your problem.
>> >>
>> >> A while ago, and without actually hitting this bug, I was on the
>> >> right path [1] to fixing it. Sadly, I'm not a spiderman user, so this
>> >> will have low priority on my TODO list (see that I'm working on 1.6.1,
>> >> a bug fix release, and [1] is in the 1.8 release).
>> >>
>> >> If you're interested in working on this issue, I would gladly
>> >> help/guide you though each step.
>> >>
>> >> [0]
>> >>
>> >>
https://github.com/andresriancho/w3af/blob/master/w3af/core/controllers/daemons/mitm.crt
>> >> [1]
>> >>
https://github.com/andresriancho/w3af/issues/1269#issuecomment-37559070
>> >>
>> >> On Wed, Apr 23, 2014 at 7:43 PM, Aaron Tracy <atr...@gmail.com> wrote:
>> >> > Hi! Is there a tutorial somewhere I can follow on how to setup the
>> >> > SSL
>> >> > Certificate Authority (CA) for the spiderman plugin? When I attempt
>> >> > to
>> >> > manually browse my site via the spiderman proxy, I'm presented with
>> >> > the
>> >> > "This connection is untrusted" dialog in Firefox and I'm not
>> >> > permitted
>> >> > to
>> >> > the SSL pages. For Metasploit, I used a certificate that it
provided
>> >> > for me
>> >> > and that worked beautifully for their framework. Just curious if
>> >> > there's a
>> >> > certificate I can install for w3af located somewhere that I can
>> >> > install
>> >> > for
>> >> > spiderman or if I can get instructions on how to approach this
>> >> > problem
>> >> > with
>> >> > w3af.
>> >> >
>> >> > Thanks!
>> >> >
>> >> > --
>> >> > Aaron
>> >> >
>> >> >
>> >> >
>> >> >
------------------------------------------------------------------------------
>> >> > Start Your Social Network Today - Download eXo Platform
>> >> > Build your Enterprise Intranet with eXo Platform Software
>> >> > Java Based Open Source Intranet - Social, Extensible, Cloud Ready
>> >> > Get Started Now And Turn Your Intranet Into A Collaboration Platform
>> >> > http://p.sf.net/sfu/ExoPlatform
>> >> > _______________________________________________
>> >> > W3af-users mailing list
>> >> > W3af-users@lists.sourceforge.net
>> >> > https://lists.sourceforge.net/lists/listinfo/w3af-users
>> >> >
>> >>
>> >>
>> >>
>> >> --
>> >> Andrés Riancho
>> >> Project Leader at w3af - http://w3af.org/
>> >> Web Application Attack and Audit Framework
>> >> Twitter: @w3af
>> >> GPG: 0x93C344F3
>> >
>> >
>> >
>> >
>> > --
>> > Aaron
>>
>>
>>
>> --
>> Andrés Riancho
>> Project Leader at w3af - http://w3af.org/
>> Web Application Attack and Audit Framework
>> Twitter: @w3af
>> GPG: 0x93C344F3
>
>
>
>
> --
> Aaron
--
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
Twitter: @w3af
GPG: 0x93C344F3
--
Aaron
------------------------------------------------------------------------------
"Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE
Instantly run your Selenium tests across 300+ browser/OS combos. Get
unparalleled scalability from the best Selenium testing platform available.
Simple to use. Nothing to install. Get started now for free."
http://p.sf.net/sfu/SauceLabs
_______________________________________________
W3af-users mailing list
W3af-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-users