SSL Error when using OWASP Zap as proxy for Genymotion

I want to use Genymotion as my Android emulator and I intend to attach the OWASP Zap (localhost:8080) as its proxy but I encountered an SSL error.
Can someone help me with this issue?
Note: I'm using Ubuntu 18.04

You need to add the OWASP ZAP root certificate to the virtual device's Android OS, the same way as with Burp Suite. You can take inspiration from this example: https://support.genymotion.com/hc/en-us/articles/360012333077-How-to-use-Burp-suite-with-Genymotion-Desktop-

Related

Pycharm Remote Dev using SFTP with Yubi Key authentication

I have PyCharm Pro. I am trying to do remote development on a server. I have read the following Jetbrains tutorials:
Deploying Applications
Remote Development on Raspberry Pi
as well as the very helpful tutorial:
Remote debugging with pycharm the missing tutorial
While I seem to be able to set everything up, authentication fails when I try to connect to the remote server using the 'SFTP' protocol. I can make an SSH and SFTP connection from the CLI in a terminal so I know the ssh configuration settings are correct. However, in my case authentication requires ssh and having a Yubi key connected to my laptop. Does that make a difference?
Has anyone had a similar issue? If so, how did you resolve it?
On macOS the challenge is where the IDE is getting its ssh socket agent. To make this work in my case I have to launch the PyCharm Pro IDE from a terminal.
Go to '/Applications/PyCharm.app/Contents/MacOS' directory and launch with './pycharm'

Record JMeter script for Mobile App making HTTPS calls

I am trying to do performance test using JMeter for a mobile application. My application is secured and makes HTTPS calls. I came across below guide to install a certificate on client side. Can anyone tell me how can I get this certificate?
Do I have to buy SSL Certificate and install it on my computer and my android device?
Can someone help me understand the guide below in plain English? I am successfully able to record and play back when our mobile app is not secured, i.e. able to make HTTP calls without any trouble. Thanks, and any help is appreciated. Also, I am okay to pay for training on JMeter from someone who can teach me how to do this. Thanks.
https://www.blazemeter.com/blog/how-set-your-jmeter-load-test-use-client-side-certificates/
In order to be able to record the mobile device traffic you need to install JMeter's MITM certificate which will allow JMeter to intercept and decrypt secure requests.
You don't need to buy anything, the certificate is being generated in "bin" folder of your JMeter installation when you start HTTP(S) Test Script Recorder, the file is called ApacheJMeterTemporaryRootCA.crt and this is the certificate you need to install onto your mobile device/emulator in order to be able to record HTTPS traffic.
The instructions differ depending on the mobile OS and even the OS version. The most painful is capturing traffic on Android >= 7.0; the exact steps can be found in the Bypassing Android’s Network Security Configuration and Recording Using Android Devices guides.
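Why Android >= 7.0 is the painful case: apps targeting API level 24 or higher no longer trust user-installed CAs by default, so a recorder's root certificate installed by the user is ignored. The following is an added example (not taken from the answer or the linked guides) of a Network Security Configuration that trusts user CAs in debuggable builds only; it assumes you control the app's source, and the file path shown is the conventional one.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- res/xml/network_security_config.xml (conventional path, assumed here).
     Referenced from AndroidManifest.xml on the application element:
       android:networkSecurityConfig="@xml/network_security_config" -->
<network-security-config>
    <!-- No base-config is declared, so release builds keep the platform
         default: for apps targeting API 24+, only the system CA store is
         trusted and user-installed CAs are ignored. -->

    <!-- debug-overrides is applied only when android:debuggable="true".
         The trust anchors listed here are added to the defaults, so a
         user-installed proxy root (for example the recorder's
         ApacheJMeterTemporaryRootCA.crt) is accepted in debug builds. -->
    <debug-overrides>
        <trust-anchors>
            <certificates src="user" />
        </trust-anchors>
    </debug-overrides>

    <!-- Avoid putting <certificates src="user" /> under <base-config>:
         that would make release builds trust any CA the user installs. -->
</network-security-config>
```

Apps that pin certificates or that you cannot rebuild are not affected by this file; for those, the certificate has to be in the system store, as in the Genymotion procedure linked in the first answer.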

Marklogic WebDav server connection not working after macOS Mojave upgrade

All Mac computers at my job were upgraded to macOS Mojave four days ago. Since then, no Mac users have been able to connect to any MarkLogic WebDav servers. PC users are able to connect no problem and so are Macs that are still running older versions of macOS.
Also, now when trying to connect to the WebDav server through Finder, we get this pop-up message:
"Do you want to send your name and password in a way that is insecure?
The baseURL provided uses an unsecured method for network communication. To use a secure connection, you must use a server that supports SSL."
Has anyone else encountered this issue? Is there a setting in MarkLogic that we need to change?
Thank you!
It sounds like the primary change is that macOS now issues a warning when you are connecting in a way that could send your password in clear text.
MarkLogic supports WebDAV over SSL, so to remove the warning, you will need to enable SSL on your WebDAV app server.
The MarkLogic Security Guide goes into the details of Configuring SSL on App Servers.
You can also check the WebDAV Server Configuration Help for a complete list of the available options for a WebDAV app server.
It was an Apple issue. We installed the Mojave 10.14.6 supplemental update and the problem fixed itself. We're able to connect to the WebDav servers no problem. Thanks!

What is the use of uploading certificates in server in wso2-emm 2.2.0

I am using Wso2-emm 2.2.0 in my ubuntu machine and currently I am just exploring the web console for my future project. While going through Configuration Management > Certificate Configurations, I am not able to find the use of uploading certificates (in .pem format) in the server.
If any such use is there please tell me because my project needs installation of X.509 digital certificates on android, ios and windows device for achieving BYOD implementation.
Thanks in advance and help is appreciated
gaurav sharma
This is used to enroll devices using mutual SSL.
This feature is allowed for Android devices only.

unable to connect to Sonarqube via intellij (SonarLint)

I am trying to integrate SonarQube (version 5.1.2) with IntelliJ (2016.2). I have added the SonarLint plugin.
When I try to add a Sonar server to the SonarLint settings, it asks for the username and password for the Sonar server and other details like the URL.
But it is somehow unable to connect to the Sonar server and gives this error:
Fail to request : https://example.com/api/system/status
The latest version of SonarLint only supports SonarQube 5.6+ (5.6 is the current LTS version).
Apart from that, you might also be facing a problem with server SSL certificates. SonarLint will try to validate the server's SSL certificate using the JVM's truststore. So if your SonarQube server uses an SSL certificate, you might need to install the CA certificate in the truststore of the JVM used by IntelliJ.
Due to a limitation in SonarLint, certificates configured within IntelliJ aren't supported by SonarLint: https://jira.sonarsource.com/browse/SLI-75
I ran into something similar myself using SonarLint 3.1 and SonarQube 6.7.
In IntelliJ I kept running into this error message
Failed to connect to the server. Please check the configuration.
Error: Fail to request https://<SONARQUBE>/api/system/status
However I could access that URL through my browser without any issues.
When you Wireshark the requests coming from the browser and the IDE you can see that the cipher suite is quite different and that the IDE plugin gets a TLS handshake failure.
That led me to discover that Java still ships with limited strength cryptographic functions. That’s either because of US export policy or because nobody has gotten around to fixing it. The internet isn’t quite sure.
Either way, you can download the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files from Oracle: http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html
Once I installed those onto the IntelliJ JVM, I no longer got the underlying TLS handshake failure when trying to connect to SonarQube and the connection works.
I just had the same error. After many tries, it turned out that I had to enter my login (it's a domain account) in upper case. Looks like the login is case-sensitive.
It's my work account and I was using it always in lower-case, so it's quite surprising, but worked nonetheless.
Sorry for late response, but you can try to follow this instruction.
You can find it here. Download the Zip and follow the instructions in the pop-up after you click download.
Versions: SonarLint - IntelliJ IDEs Plugin | Marketplace (jetbrains.com)