[Owasp-testing] Testing Web Server which Requires Client Certificate

Dave van Stein dvstein at gmail.com
Fri Jul 9 18:02:39 EDT 2010


When a client-side certificate mechanism is properly implemented, burpsuite
cannot bypass it.
What Sebastien meant was that burp supports client-side certificates, but
you still need a valid certificate.
When you need to test the application, ask your client for a valid
certificate.
When you need to test the complete security of the system, try to find ways
to bypass the mechanism by analysing the requests and responses and see if
there are loopholes.

2010/7/9 Zaki Akhmad <zakiakhmad at gmail.com>

> On Tue, Jul 6, 2010 at 1:11 PM, Sebastien Gioria(OWASP)
> <sebastien.gioria at owasp.org> wrote:
> > Play with burpsuite from portswigger
> >
> > It supports client-side certificates.
>
> Should I use the burpsuite pro?
> So this burpsuite can bypass the client side certificate request from
> the server?
>
> --
> Zaki Akhmad