[Owasp-webscarab] WebScarab bug report and fix
kevin at lapooh.com
Fri Jul 15 16:40:52 EDT 2011
I found a bug in WebScarab and the fix, not sure how to report it. Posting
it here in case others come across the same error.
I needed to set up an SSL proxy to capture traffic from a custom fat client
application that failed on certificate errors.
Following the great tutorial
generated a certificate for my site and placed it in the /certs/
next to Webscarab.
When I attempted to use the proxy, I still got certificate errors at the
client, and got these messages from WebScarab:
15:33:41 Listener-192.168.7.108:8008-1(Proxy.loadSocketFactory): Loading SSL
keystore for www.mysite.com from ./certs/www.mysite.com.p12
15:33:42 Listener-192.168.7.108:8008-1(Proxy.loadSocketFactory): Error
reading SSL keystore from ./certs/www.mysite.com.p12: X509 KeyManagerFactory
Generating custom SSL keystore for www.mysite.com
On line 484 of webscarab/plugin/proxy.java change
kmf = KeyManagerFactory.getInstance("X509");
kmf = KeyManagerFactory.getInstance("SunX509");
and rebuild the jar file.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Owasp-webscarab