[Owasp-webscarab] WebScarab bug report and fix

Kevin Bong kevin at lapooh.com
Fri Jul 15 16:40:52 EDT 2011

I found a bug in WebScarab and the fix, not sure how to report it.  Posting
it here in case others come across the same error.

I needed to set up an SSL proxy to capture traffic from a custom fat client
application that failed on certificate errors.

Following the great tutorial
generated a certificate for my site and placed it in the /certs/
next to Webscarab.

When I attempted to use the proxy, I still got certificate errors at the
client, and got these messages from WebScarab:
15:33:41 Listener- Loading SSL
keystore for www.mysite.com from ./certs/www.mysite.com.p12
15:33:42 Listener- Error
reading SSL keystore from ./certs/www.mysite.com.p12: X509 KeyManagerFactory
not available
15:33:42 Listener-
Generating custom SSL keystore for www.mysite.com

The Fix:
On line 484 of webscarab/plugin/proxy.java change
            kmf = KeyManagerFactory.getInstance("X509");
            kmf = KeyManagerFactory.getInstance("SunX509");
and rebuild the jar file.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-webscarab/attachments/20110715/41c1d39d/attachment.html 

More information about the Owasp-webscarab mailing list