[Owasp-testing] Testing Web Server which Requires Client Certificate

Christian Heinrich christian.heinrich at owasp.org
Fri Jul 9 19:11:31 EDT 2010


Zaki,

Scroll down on http://portswigger.net/suite/help.html until you reach
http://portswigger.net/images/suite_comms_client_cert.png

On Sat, Jul 10, 2010 at 8:02 AM, Dave van Stein <dvstein at gmail.com> wrote:
> When a client-side certificate mechanism is properly implemented burpsuite
> cannot bypass it.
> What Sebastien meant was that burp supports client-side certificates, but
> you still need a valid certificate.
> When you need to test the application ask your client for a valid
> certificate.
> When you need to test the complete security of the system, try to find ways
> to bypass the mechanism by analysing the requests and responses and see if
> there are loopholes.
>
> 2010/7/9 Zaki Akhmad <zakiakhmad at gmail.com>
>>
>> On Tue, Jul 6, 2010 at 1:11 PM, Sebastien Gioria(OWASP)
>> <sebastien.gioria at owasp.org> wrote:
>> > Play with burpsuite from portswigger
>> >
>> > It supports client-side certificates.
>>
>> Should I use the burpsuite pro?
>> So this burpsuite can bypass the client side certificate request from
>> the server?


-- 
Regards,
Christian Heinrich - http://www.owasp.org/index.php/user:cmlh
OWASP "Google Hacking" Project Lead - http://sn.im/owasp_google_hacking

