Zed Attack Proxy Dynamic Certificate option not available - zap

The option to create dynamic certificates in ZAP is not available. I cannot see anywhere that it might have moved to and Google is not helping. I am running it on a Kali VM.
Does anyone know whether it's been removed? If not, where/how do I get to it?
Thanks.

No, we've not removed it :/
But you might have accidentally disabled it - have a look in the Options / Extensions - is the ExtensionDynSSL there? If so, is it disabled? Enabling it and restarting ZAP should do the trick. If it's not there I'd be tempted to try reinstalling..
Simon (ZAP Project Lead)

Related

Openshift Origin Offline/Disconnected Installation

I want to install the OpenShift Origin containerized installation (advanced installation) on a machine without internet access.
I referred to this URL -> https://docs.openshift.com/enterprise/3.1/install_config/install/disconnected_install.html
But it is still going to docker.io and registry.*.redhat.com.
Please suggest a possible approach to achieve the goal.
There is a way to accomplish this install. The updated documentation does list the steps.
Let me know if you are still looking for the steps.

SonarQube: weak ephemeral Diffie-Hellman key issue with SSL

How do we bypass this issue with SonarQube server v5.1 and Firefox? Chrome & IE are working fine but Firefox is not allowing access to the server in https mode. I looked at https://weakdh.org/sysadmin.html but I am not sure what server SonarQube uses and how to implement a fix for this problem. Any help is appreciated. Thanks.
When a user wants to enable (or restrict) access to a SonarQube instance over HTTPS, the recommended way is to put it behind another WebServer she configures at will.
So, the way to go here, is to add an Apache, Nginx or whatever in front of the SQ instance and configure it according to the recommendations in the link you provided and generate a "safe" server certificate.
I fixed it by setting the following property in the sonar.properties file.
sonar.web.https.ciphers=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA
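An added example, not part of the original answers or of SonarQube: a Python check that reads the `sonar.web.https.ciphers` value posted above and groups its suites by key exchange, showing that no finite-field `TLS_DHE_` suite (the family the weakdh.org guidance concerns) remains, while the four `TLS_RSA_` suites provide no forward secrecy. The function names and the second sample value are constructed for illustration.

```python
import re

# Key-exchange family, recognised from the suite-name prefix (JSSE/IANA naming).
KEX_PREFIXES = [
    ("TLS_ECDHE_", "ECDHE"),  # ephemeral elliptic-curve DH
    ("TLS_DHE_", "DHE"),      # ephemeral finite-field DH: what weak-DH checks target
    ("TLS_ECDH_", "ECDH"),    # static ECDH
    ("TLS_DH_", "DH"),        # static DH
    ("TLS_RSA_", "RSA"),      # static RSA key transport
]
NO_FORWARD_SECRECY = ("RSA", "DH", "ECDH")

# Property exactly as posted in the answer above.
POSTED = (
    "sonar.web.https.ciphers=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,"
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,"
    "TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,"
    "TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA")
# Constructed counter-example: DHE suites, a line continuation, an old SSL_ prefix.
CONSTRUCTED = ("sonar.web.https.ciphers=TLS_DHE_RSA_WITH_AES_128_CBC_SHA,\\\n"
               "    SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA\n")

def read_property(text, key):
    """Return the last uncommented value of `key` in .properties text, or None."""
    text = re.sub(r"\\\r?\n[ \t]*", "", text)  # join backslash line continuations
    value = None
    for line in text.splitlines():
        name, sep, val = line.strip().partition("=")
        if sep and not name.startswith(("#", "!")) and name.strip() == key:
            value = val.strip()
    return value

def classify(suite):
    """Map one suite name to its key-exchange family, or OTHER if unrecognised."""
    name = re.sub(r"^SSL_", "TLS_", suite.strip().upper())  # older JSSE names use SSL_
    return next((fam for prefix, fam in KEX_PREFIXES if name.startswith(prefix)), "OTHER")

def audit(text, key="sonar.web.https.ciphers"):
    """Report DHE suites and suites without forward secrecy in the configured list."""
    value = read_property(text, key)
    if value is None:  # property unset: the server's default suite list applies
        return {"configured": False, "dhe": [], "no_forward_secrecy": []}
    groups = {}
    for suite in filter(None, (s.strip() for s in value.split(","))):
        groups.setdefault(classify(suite), []).append(suite)
    nofs = [s for fam in NO_FORWARD_SECRECY for s in groups.get(fam, [])]
    return {"configured": True, "dhe": groups.get("DHE", []), "no_forward_secrecy": nofs}
```

`audit(POSTED)` returns an empty `dhe` list; a result with `configured` set to `False` means the restriction is not in effect and the server's default suites are offered.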

Apache Archiva 2.1.1 Upgrade: Proxy does not work

We are trying to upgrade from Archiva 1.3.6 to 2.1.1 but suddenly the remote repositories (including proxy connectors) stopped working. The remote repository view shows error marks in the column "Remote check" but no error message is shown.
Is there a possibility to find out what is going on?
We are using a proxy; we tried with the proxy activated and deactivated. I even installed Archiva locally on my machine with a fresh database, but still no success.
(how does this remote check even work when the proxy is activated/deactivated in the proxy connectors?)
Eclipse (with newest m2e) says Missing artifact junit:junit:jar:3.8.9. It goes so fast that I don't think Archiva is trying to reach the central-Repository.
The logs on the Archiva side are empty.
Does anybody have some hints or the same problem? I think I will try it at home tonight, to see if it is a network issue.
Thanks in advance for any tips!
Update
It really seems that the proxy connector does not work since the internal Repository is empty. http://localhost:8080/archiva/repository/internal/ only shows .indexer
Update 2
The proxy configuration seems bugged in Archiva 2.1.1. I can see the same behaviour as here: Mailing List
A JIRA task for this would be nice.
Does anybody know a workaround to set the proxy for a proxy connector? Or is there a possibility to set a global proxy via a settings file?
Update 3
Really seems like a bug in Archiva. I sent a mail to the mailing lists. Hopefully this is getting fixed soon because this is a blocker for every user with a proxy.
I won't delete this question for documentation if someone has the same problem. The issue can be found in JIRA here
I also had this problem and the simple solution was to change the proxy protocol from "http" to "https".
I also had the same problem. At first glance the solution given by Christian Quast seemed to work, but it didn't solve the problem. I eventually used a workaround by using JVM proxy settings:
-Dhttp.proxyHost=[your_proxy_address]
-Dhttp.proxyPort=[your_proxy_port]
-Dhttp.proxyUser=[your_proxy_user_name]
-Dhttp.proxyPassword=[your_proxy_user_password]
-Dhttp.nonProxyHosts=localhost|127.0.0.1|::0|[any_other_hosts_not_to_use_proxy]
Update
I know it may sound weird but, using the settings above, the error/warning icon on "Remote Check" may still appear. If you add the "network proxy" (mine is using https protocol) to your remote repository (the error/warning icon is still there) but editing the remote repository again and removing its "network proxy" will show the OK/sun icon.
In my case <networkProxy> under conf\settings.xml gets updated correctly including the port information (probably because my port is not a default 8080) but remote repository connection is still failing.
Also, changing proxy protocol to https did not help.
I know the proxy is right because I use the same for maven .m2\settings.xml
Fortunately I am only evaluating open source repo management tools. Started with Archiva as it is by Apache and we use Maven in our project. Would have moved ahead if this critical issue had a fix or work around. Guess I will have to take a shot at Nexus.
Exactly the same problem here. I can't vote on your BUG report because I have no JIRA account.
As far as I figured out there seems to be a problem with the configuration file ~/.m2/archiva.xml. The Proxy is set without port information.
Hopefully this bug will be fixed as soon as possible.
Extending João Ferreira's reply, to access repositories with https URLs (such as Maven Central), you will also need:
-Dhttps.proxyHost=[your_proxy_host]
-Dhttps.proxyPort=[your_proxy_port]

AD/LDAP authentication for FitNesse

We are going to put FitNesse on a server and want to have an AD/LDAP authentication solution for this.
Does anyone have experience with good and easy to set up solutions for this?
Thanks in advance. Magnus
One straightforward method would be to download the standard edition of the UnboundID LDAP SDK and get a copy of the jsse.jar file and install both jar files in the fitnesse lib directory. Create a class in the fitnesse.authentication package that extends the fitnesse.authentication.Authenticator class and overrides the isAuthenticated() method. Specify the required properties such as hostname, port, simple or SASL bind, whether to use SSL or StartTLS, base object, search scope, and so forth.
The jsse.jar will provide the necessary SSL classes so that SSL and StartTLS can be implemented as required.
see also
LDAP: Programming practices
It is possible, but it would require either finding or creating a plugin to do it.
I found the following, but I have never tried it:
https://github.com/timander/fitnesse-ldap-authenticator.
Also out there, but older is: https://github.com/dleonard0/fitnesse
You can start there, but you might have to get your hands dirty. Unfortunately, I'm just not that familiar with that part of the code.
See here: http://fitnesse.org/FitNesse.UserGuide.AdministeringFitNesse.SecurityDescription.SpnegoAuthentication
I need to give many more characters to make stackoverflow happy.

Set up https on the localhost

I have an error occurring on a page that only happens when I access the page through https. I need to configure https on my local machine for testing but am not sure how to go about it?
EDIT.
Using IIS. Sorry for not including.
If you are using IIS then go here: http://www.microsoft.com/downloads/en/details.aspx?FamilyID=56fc92ee-a71a-4c73-b628-ade629c89499&DisplayLang=en
and download the toolkit.
In there you'll find a utility called SelfSSL. You can set up a certificate locally that'll get you through development. If I recall the command is:
selfssl /T /N:cn="your_computer_name"
I know the answer is a bit late but hopefully it'll help someone.