I have a local website hosted on IIS and I am trying to scan my application with ZAP tool executed in daemon mode. Everything works fine until I disable the "Anonymous Authentication" method from IIS and the only method enabled is "Basic Authentication". The error I get is "Failed to attack the URL: received a 401 response code".
Is there any possibility to send the login credentials from daemon mode?
The command looks like this: zap.bat -quickurl "urlToTest" -quickprogress -daemon -cmd.
The -cmd option puts ZAP into commandline / inline mode.
Use the -daemon mode to put ZAP into daemon mode, at which point you'll need to use the ZAP API to interact with it.
To handle authentication you will have to add your application to a Context and then specify the authentication.
We have a FAQ for Form Based authentication: https://github.com/zaproxy/zaproxy/wiki/FAQformauth You'll need to do something similar but specify 'HTTP/NTLM Authentication' : https://github.com/zaproxy/zap-core-help/wiki/HelpStartConceptsAuthentication
I'd recommend testing this using the ZAP UI first - you can also then export to Context to reuse in daemon mode.
Any problems then it's probably best to head over to the ZAP User Group: http://groups.google.com/group/zaproxy-users
Simon (ZAP Project Lead)
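The steps outlined in the answer above (a context, HTTP authentication on it, and a user to scan as), driven through the ZAP JSON API from a script. This is an added example, not part of the original answer and not ZAP's own code. The daemon address, API key, context name and function names are assumptions; check the endpoint and parameter names against the API browser of your ZAP version.

```python
import json
import re
import time
import urllib.parse
import urllib.request

ZAP = "http://127.0.0.1:8080"  # assumed address of the ZAP daemon
API_KEY = "changeme"           # assumed; must match the daemon's API key


def zap_call(path, params):
    """Send one ZAP JSON API request and return the decoded reply."""
    query = urllib.parse.urlencode(dict(params, apikey=API_KEY))
    with urllib.request.urlopen(f"{ZAP}/JSON/{path}/?{query}") as resp:
        return json.load(resp)


def scan_with_basic_auth(target, host, port, realm, user, password,
                         call=zap_call, poll=2.0):
    """Create a context with HTTP authentication, then scan as that user.

    `call` is injectable so the sequence can be checked without ZAP running.
    """
    enc = urllib.parse.urlencode
    name = "iis-basic"  # hypothetical context name
    ctx = call("context/action/newContext", {"contextName": name})["contextId"]
    call("context/action/includeInContext",
         {"contextName": name, "regex": re.escape(target.rstrip("/")) + ".*"})
    call("authentication/action/setAuthenticationMethod",
         {"contextId": ctx, "authMethodName": "httpAuthentication",
          "authMethodConfigParams": enc(
              {"hostname": host, "port": port, "realm": realm})})
    uid = call("users/action/newUser", {"contextId": ctx, "name": user})["userId"]
    call("users/action/setAuthenticationCredentials",
         {"contextId": ctx, "userId": uid,
          "authCredentialsConfigParams": enc(
              {"username": user, "password": password})})
    call("users/action/setUserEnabled",
         {"contextId": ctx, "userId": uid, "enabled": "true"})
    who = {"contextId": ctx, "userId": uid, "url": target}
    spider = call("spider/action/scanAsUser", who)
    sid = next(iter(spider.values()))  # reply holds the new scan id
    # Wait for the spider to finish so the active scan sees the whole site.
    while int(call("spider/view/status", {"scanId": sid})["status"]) < 100:
        time.sleep(poll)
    return next(iter(call("ascan/action/scanAsUser", who).values()))
```

Start ZAP with -daemon only (no -cmd or -quickurl), then call scan_with_basic_auth with the site URL and the IIS account to use.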
Changing the port by changing the offset in the deployment.toml or using -DportOffset doesn't get applied to the Console and the My Account applications.
How to reproduce:
Change the offset by adding the following config to the deployment.toml
[server]
offset=2
Start the server
Access the console app from https://localhost:9445/console
Access the my account app from https://localhost:9445/myaccount
Following error is displayed.
Observed, that the reason is that the callback URL is not changed when the hostname or port is changed. Even changing the URLs manually from the management console is not allowed.
What is the recommendation to get Myaccount and Console apps working when hostname or port is changed?
An approach is to manually change the callback URL of the Myaccount and Console apps accordingly when a port or hostname change is done in the server, by removing these applications from the system applications list.
Steps:
Change hostname or port of the server
Remove Myaccount and Console apps from read only system apps by adding the following to the deployment.toml
[system_applications]
read_only_apps = []
Restart the server
Update callback URL of the myaccount and console apps from the management console accordingly.
Change the issuer URI of the Resident IDP accordingly.
These applications can be hosted externally. In that case the callback URLs can have different hostnames and ports.
Thus, it is not good to change the callback URLs automatically. So, the manual option Aysh pointed out in the above comment is the recommended approach ATM.
I have Data Virt running via the standalone.sh script, and can log in with my username and password. My next task is configuring it so that it automatically runs whenever the instance is up and running (without having to execute standalone.sh), and uses SSL (port 443) rather than my username and password to log me in. I added the vault.keystore, dv_keystore.jks, and dv_truststore.jks files, and modified both standalone.sh and standalone.xml, according to the JBoss and other online documentation, to account for using these files. I start the standalone.sh script, which runs without any errors. When I browse to:
http://<IP>:8443/dashboard
after starting standalone.sh, I get the following error:
This page can't be displayed
Turn on TLS 1.0, TLS 1.1, and TLS 1.2 in Advanced settings and try connecting to https://:8443 again. If this error persists, it is possible that this site uses an unsupported protocol or cipher suite such as RC4, which is not considered secure. Please contact your site administrator.
The settings Use TLS-1.0-ON, Use TLS-1.1-ON, and Use TLS-1.2-ON are all checked in the Browser properties.
By contrast, when I browse to
http://<IP>:8443/dashboard
when standalone.sh is not running, I get the following:
This page can't be displayed
- Make sure the web address https://:8443 is correct.
- Look for the page with your search engine.
- Refresh the page in a few minutes.
It appears the browser is sensing something going on when standalone.sh is running, but something is not allowing the browser to access the dashboard.
What am I missing here?
Have you validated any other ssl access? Is it just an issue with the dashboard application?
I'm trying to create a .NET Core application on VS2015.
But I'm unable to get "dnu restore" to succeed behind a proxy with authentication.
I always get a: 407 (Proxy Authentication Required)
In other features from VS like "Extensions and Updates" I'm prompted for user and password, but they aren't reused by "dnu restore".
I notice that "dnu restore" runs as a "dnx.exe" call inside VS...
Where is it looking for the proxy configuration, namely the proxy authentication (user+password)?
I tried three different approaches for configuring the proxy:
- configuring it on devenv.exe.config
- using Proxifier
- using Fiddler.
Unable to have success with any of the three.
Can you please help?
Thanks in advance,
Miguel
I am trying hard to follow the example of SimpleTunnel given by Apple.
I try to track how they make the customized call.
However I cannot link the relationship between the connect button action with starting a new tunnel.
I tried to track it with PacketTunnelProvider but without success.
I know they are override classes. I cannot find the point where the whole VPN connection starts.
My goal is to create a SSL VPN tunnel.
After asking Apple and a few trial and error, I can finally trigger the extension part.
Prerequisite: (Network Extension permission)
Add a new target -> Packet Tunnel Provider
Trigger the extension by
NEVPNConnection *conn = [manager connection];
NSError *connError;
[conn startVPNTunnelWithOptions:settingsDict andReturnError:&connError];
Debug with the following steps
(1) Build & run the app
(2) Stop the app
(3) Debug > attach to process by PID or name > Enter "PacketTunnel"
(4) Start the app from your iPhone screen and you can debug for the extension
Hope the small steps I experienced can help the others to start.
However, there are more upcoming questions and I need to check!
The sample application and the Packet Tunnel provider run as separate processes. The sample application is called the container app and the packet tunnel provider runs as an app extension. These two components use IPC for communication.
In the sample application, whenever the connect toggle button is enabled, the startVPNTunnel() API is called and the OS starts the packet tunnel provider, which in turn calls your overridden method startTunnelWithOptions(). So this is where you start your connection to the VPN server.
To answer your question: link the connect action to a method that invokes startVPNTunnel(), which in turn triggers the packet tunnel provider. You cannot directly start the packet tunnel provider without the container application.
The same applies to stopping your VPN tunnel.
Hope this answer helps you
If you are asking about the connect / enable buttons inside the SimpleTunnel app, then startVPNTunnel() is the call used in the startStopToggled() method of the StatusViewController.swift file.
If you are asking about how the extension handles VPN connection start (after configuration is done), then the OS network system calls startTunnelWithOptions() in PacketTunnelProvider.swift depending on how the tunnel is configured. E.g., if on-demand is enabled for this tunnel, the OS will try to set up/start the tunnel whenever there is network activity. If not, the OS will try to start the tunnel when you go to Settings|VPN and try to switch ON the config. This is similar to the iOS 8 personal VPN connection stuff.
HTTP Error 404.3 - Not Found
The page you are requesting cannot be served because of the extension configuration. If the page is a script, add a handler. If the file should be downloaded, add a MIME map.
What could be the reason for this error for the WCF service hosted on IIS 7?
Answered here
Please make sure you've activated WCF components from here.
Or alternate and easy way is, go to control panel -> Turn Windows feature on or off -> and make sure you've all the options ticked as mentioned in below screenshot.
Run from cmd:
%windir%\Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis.exe -ir
All you need to do is enable HTTP Activation and any other features that are required for HTTP activation.
For Windows Server 2012, go to Server Manager, on the dashboard --> click on Add roles and features. In the Wizard window that opens, choose the appropriate server and keep clicking Next until you are on the features selection page.
Depending on the version of .NET framework in use on your server you have to check HTTP Activation under WCF Services and proceed to install it. This should resolve your issue.
Run Visual Studio 2008 Command Prompt as “Administrator”.
Navigate to C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation.
Run this command: servicemodelreg -i
Thanks for the blog from Rahul.
http://blogs.msdn.com/b/rjohri/archive/2009/06/29/the-page-you-are-requesting-cannot-be-served-because-of-the-extension-configuration.aspx