Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



WebApp Sec: WebScarab problems with SSL

WebScarab problems with SSL

From: cgi phantom <webapps3c_at_gmail.com>
Date: Thu, 17 May 2007 14:22:21 +1000

Hi All,

I'm receiving the following error while connecting to ANY ssl enabled web site:

3:52:17 Listener-127.0.0.1:8008(Listener.listen): Proxy listening on
127.0.0.1:8008
13:52:36 Listener-127.0.0.1:8008-2(ConnectionHandler.initSSL):
Initialised SSL handler OK
13:52:36 Listener-127.0.0.1:8008-1(ConnectionHandler.initSSL):
Initialised SSL handler OK
13:52:36 Listener-127.0.0.1:8008-3(ConnectionHandler.initSSL):
Initialised SSL handler OK
13:52:36 Listener-127.0.0.1:8008-2(ConnectionHandler.run):
ConnectionHandler got an error : javax.net.ssl.SSLException:
Connection has been shutdown: javax.net.ssl.SSLHandshakeException:
Remote host closed connection during handshake
13:52:36 Listener-127.0.0.1:8008-1(ConnectionHandler.run):
ConnectionHandler got an error : javax.net.ssl.SSLException:
Connection has been shutdown: javax.net.ssl.SSLHandshakeException:
Remote host closed connection during handshake
13:53:15 Listener-127.0.0.1:8008-4(SSLContextManager.getSSLContext):
Requested SSLContext for null
13:53:15 Listener-127.0.0.1:8008-4(ConnectionHandler.run): IOException
retrieving the response for
https://www.bla.com:443/portal/images/header/top_bg.gif :
javax.net.ssl.SSLException: Unrecognized SSL message, plaintext
connection?
13:53:26 Listener-127.0.0.1:8008-5(URLFetcher.fetchResponse):
http://www.bla.com:80/ : 503 Service Unavailable

OR

14:06:41 Listener-127.0.0.1:8008-33(ConnectionHandler.run):
IOException retrieving the response for https://www.xxx.com:443/ :
java.io.IOException: No SSL cert found matching fingerprint:

-------------------------------------------------------------------------
Sponsored by: Watchfire

Securing a web application goes far beyond testing the application using
manual processes, or by using automated systems and tools. Watchfire's
"Web Application Security: Automated Scanning or Manual Penetration
Testing?" whitepaper examines a few vulnerability detection methods -
specifically comparing and contrasting manual penetration testing with
automated scanning tools. Download it today!

https://www.watchfire.com/securearea/whitepapers.aspx?id=701500000008rSe
--------------------------------------------------------------------------
Received on May 18 2007

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos