[Owasp-webscarab] UNSUBSCRIBE

Anjaneya Sastry sastry_ka at yahoo.com
Thu Sep 7 08:47:51 EDT 2006 

Please unsubsrcibe be from the mailing list.

--- Rogan Dawes <lists at dawes.za.net> wrote:

> Dylan McReynolds <dmcreynolds at astoriasoftware.com>
> wrote:
> 
> > Hello,
> > 
> > I'm playing with WebScarab for the first time.
> > 
> > I would like to have WebScarab act as an
> authenticating proxy server my 
> > own application testing.  Is this possible?  Basic
> authentication is 
> > fine, but I'd like to mimic proxy servers that
> challenge clients with a
> > 
> > Proxy-Authenticate 
> > Is this possible?
> > 
> > Thanks.
> 
> Hi Dylan,
> 
> Yes, I see no reason why this should not be
> possible. The easiest way 
> would be to write a BeanShell script in the
> Proxy->BeanShell plugin.
> 
> Something like:
> 
> import org.owasp.webscarab.model.Request;
> import org.owasp.webscarab.model.Response;
> import org.owasp.webscarab.httpclient.HTTPClient;
> import java.io.IOException;
> 
> public Response fetchResponse(HTTPClient nextPlugin,
> Request request) 
> throws IOException {
>     String proxyAuth =
> request.getHeader("Proxy-Authorization");
>     if (proxyAuth == null) {
>        Response response = new Response();
>        response.setVersion("HTTP/1.0");
>        response.setStatus("407");
>        response.setMessage("Authentication
> required");
>        response.setHeader("Proxy-Authenticate",
> "Basic 
> realm=\"WebScarab\"");
>        response.setHeader("Content-Length", "0");
>        return response;
>     }
>     response = nextPlugin.fetchResponse(request);
>     return response;
> }
> 
> This is straight from memory, and completely
> untested, so you may need 
> to spell some headers differently, or provide some
> content, etc. But the 
> concept should be valid. If you actually want to
> check the contents of 
> the Proxy-Authorization header, that is up to you.
> But this should at 
> least challenge you for *something*.
> 
> Hope this helps.
> 
> Rogan
> _______________________________________________
> Owasp-webscarab mailing list
> Owasp-webscarab at lists.owasp.org
>
http://lists.owasp.org/mailman/listinfo/owasp-webscarab
> 


__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com

More information about the Owasp-webscarab mailing list