[Owasp-webscarab] WebScarab bug report and fix

Kevin Bong kevin at lapooh.com
Fri Jul 15 16:40:52 EDT 2011


I found a bug in WebScarab and the fix, not sure how to report it.  Posting
it here in case others come across the same error.

I needed to set up an SSL proxy to capture traffic from a custom fat client
application that failed on certificate errors.

Following the great tutorial
https://www.owasp.org/index.php/Generating_Custom_SSL_Certificates_for_WebScarabI
generated a certificate for my site and placed it in the /certs/
folder
next to Webscarab.

When I attempted to use the proxy, I still got certificate errors at the
client, and got these messages from WebScarab:
15:33:41 Listener-192.168.7.108:8008-1(Proxy.loadSocketFactory): Loading SSL
keystore for www.mysite.com from ./certs/www.mysite.com.p12
15:33:42 Listener-192.168.7.108:8008-1(Proxy.loadSocketFactory): Error
reading SSL keystore from ./certs/www.mysite.com.p12: X509 KeyManagerFactory
not available
15:33:42 Listener-192.168.7.108:8008-1(Proxy.generateSocketFactory):
Generating custom SSL keystore for www.mysite.com

The Fix:
On line 484 of webscarab/plugin/proxy.java change
            kmf = KeyManagerFactory.getInstance("X509");
to
            kmf = KeyManagerFactory.getInstance("SunX509");
and rebuild the jar file.

Kevin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-webscarab/attachments/20110715/41c1d39d/attachment.html 


More information about the Owasp-webscarab mailing list