Comments on: Webscarab Tutorial Part 1 (learning the basics) http://travisaltman.com/webscarab-tutorial-part-1-learning-the-basics/ Wed, 16 May 2012 13:17:56 +0000 hourly 1 http://wordpress.org/?v=3.3 By: Divya http://travisaltman.com/webscarab-tutorial-part-1-learning-the-basics/comment-page-1/#comment-1171 Divya Thu, 05 Apr 2012 06:40:25 +0000 http://travisaltman.com/webscarab-tutorial-part-1-learning-the-basics/#comment-1171 Hi Tavis, Sorry ..There is a small correction in the above post. Error in paros is 407 Proxy Authorization required. For URL http://localhost./webgoat/attack the browser is prompting for my corporate domain credentials. Though I provide correct credentials the broswser is displaying Proxy Authorization error. My corporate is not allowing Webscrab so Im working on paros. Though this is a webscrab tutorial please help me on paros. Thanks Hi Tavis,

Sorry ..There is a small correction in the above post.

Error in paros is 407 Proxy Authorization required.

For URL http://localhost./webgoat/attack the browser is prompting for my corporate domain credentials. Though I provide correct credentials the broswser is displaying Proxy Authorization error.

My corporate is not allowing Webscrab so Im working on paros. Though this is a webscrab tutorial please help me on paros.

Thanks

]]> By: Divya http://travisaltman.com/webscarab-tutorial-part-1-learning-the-basics/comment-page-1/#comment-1170 Divya Thu, 05 Apr 2012 06:00:47 +0000 http://travisaltman.com/webscarab-tutorial-part-1-learning-the-basics/#comment-1170 Hi Travis, Problem with Webgoat on Paros. Below are my settings: Using IE7 Using Paros Proxy(not webscrab) Working under corporate proxy. Webgoat configured on 8080.(hope this is the default port) Configured paros with corporate proxy with username and password IE LAN settings configured as localhost 8080 Error in Paros:502 Connection Refused. URL used: http://localhost/webgoat/attack/- If this URL is used the Webgoat page is displayed in browser but traffic not routed to paros URL used: http://localhost./webgoat/attack/- If this URL is used the Webgoat page is not displayed in browser(browser showing 502 error) but traffic is routed to paros with HTTP response error 502 connection refused. Pls help me on this. Thanks Divya Hi Travis,
Problem with Webgoat on Paros.
Below are my settings:
Using IE7
Using Paros Proxy(not webscrab)
Working under corporate proxy.
Webgoat configured on 8080.(hope this is the default port)
Configured paros with corporate proxy with username and password
IE LAN settings configured as localhost 8080

Error in Paros:502 Connection Refused.

URL used: http://localhost/webgoat/attack/- If this URL is used the Webgoat page is displayed in browser but traffic not routed to paros

URL used: http://localhost./webgoat/attack/- If this URL is used the Webgoat page is not displayed in browser(browser showing 502 error) but traffic is routed to paros with HTTP response error 502 connection refused.

Pls help me on this.

Thanks Divya

]]> By: travis http://travisaltman.com/webscarab-tutorial-part-1-learning-the-basics/comment-page-1/#comment-1106 travis Thu, 01 Mar 2012 02:19:54 +0000 http://travisaltman.com/webscarab-tutorial-part-1-learning-the-basics/#comment-1106 Sorry for the late reply, did you try starting and stopping the proxy as in the first figure? Sounds like you've got everything configured correctly to me. Sorry for the late reply, did you try starting and stopping the proxy as in the first figure? Sounds like you’ve got everything configured correctly to me.

]]> By: Ru http://travisaltman.com/webscarab-tutorial-part-1-learning-the-basics/comment-page-1/#comment-1101 Ru Mon, 27 Feb 2012 13:58:11 +0000 http://travisaltman.com/webscarab-tutorial-part-1-learning-the-basics/#comment-1101 A good and helpful post! I'm having the same issue, user "problem" asked earlier. FYI, i'm running webgoat on port 8080(by executing webgoat_8080.bat) and changed my browser, http proxy settings to IP:127.0.0.1 and Port:8008. Soon after changing proxy settings, i'm unable to connect any of websites(either localhost or other outside hosts). I have already removed 'localhost' from ignored hosts. The area where the issue i'm having i guess is http proxy is not started. The error message popped when i refresh browser is "Cannot connect to the proxy server". Please help me out in solving this issue.. Thanking you in advance..:-) A good and helpful post!
I’m having the same issue, user “problem” asked earlier. FYI, i’m running webgoat on port 8080(by executing webgoat_8080.bat) and changed my browser, http proxy settings to IP:127.0.0.1 and Port:8008. Soon after changing proxy settings, i’m unable to connect any of websites(either localhost or other outside hosts). I have already removed ‘localhost’ from ignored hosts. The area where the issue i’m having i guess is http proxy is not started. The error message popped when i refresh browser is “Cannot connect to the proxy server”.
Please help me out in solving this issue..

Thanking you in advance..:-)

]]> By: Is there a program that automaticly finds .PHP files on a web server and tests them for SQL injections? - Admins Goodies http://travisaltman.com/webscarab-tutorial-part-1-learning-the-basics/comment-page-1/#comment-966 Is there a program that automaticly finds .PHP files on a web server and tests them for SQL injections? - Admins Goodies Thu, 11 Aug 2011 21:42:41 +0000 http://travisaltman.com/webscarab-tutorial-part-1-learning-the-basics/#comment-966 [...] WebScarab Howto: http://travisaltman.com/webscarab-tutorial-part-1-learning-the-basics/ [...] [...] WebScarab Howto: http://travisaltman.com/webscarab-tutorial-part-1-learning-the-basics/ [...]

]]> By: travis http://travisaltman.com/webscarab-tutorial-part-1-learning-the-basics/comment-page-1/#comment-931 travis Mon, 06 Jun 2011 17:01:54 +0000 http://travisaltman.com/webscarab-tutorial-part-1-learning-the-basics/#comment-931 Mo, Glad you found your answer. Also some browsers will automatically not allow proxies for localhost, so you may have to specifically check a box inside the browsers settings to allow for localhost. Thanks for adding you info and experience. Mo,

Glad you found your answer. Also some browsers will automatically not allow proxies for localhost, so you may have to specifically check a box inside the browsers settings to allow for localhost. Thanks for adding you info and experience.

]]> By: Mo http://travisaltman.com/webscarab-tutorial-part-1-learning-the-basics/comment-page-1/#comment-928 Mo Thu, 26 May 2011 15:10:08 +0000 http://travisaltman.com/webscarab-tutorial-part-1-learning-the-basics/#comment-928 Travis, This is Mo again. I just found an answer to my problem (please feel free to add this to any FAQ's you build). If someone decides to build a test environment and has the webserver and the proxy run on the same box, make sure not to use the URL: http://localhost/mysite... Using "localhost" means traffic is not routed the classic way (web browser to http server listening port) and therefore the webscarab user wont be able to intercept traffic. Best practice is to use the local box IP address instead. URL: http://192.168.1.5/mysite... This solution took me a while to find. I hope it can help a lost soul somewhere. Travis,

This is Mo again. I just found an answer to my problem (please feel free to add this to any FAQ’s you build). If someone decides to build a test environment and has the webserver and the proxy run on the same box, make sure not to use the URL: http://localhost/mysite...

Using “localhost” means traffic is not routed the classic way (web browser to http server listening port) and therefore the webscarab user wont be able to intercept traffic. Best practice is to use the local box IP address instead.

URL: http://192.168.1.5/mysite...

This solution took me a while to find. I hope it can help a lost soul somewhere.

]]> By: Mo http://travisaltman.com/webscarab-tutorial-part-1-learning-the-basics/comment-page-1/#comment-927 Mo Thu, 26 May 2011 14:32:52 +0000 http://travisaltman.com/webscarab-tutorial-part-1-learning-the-basics/#comment-927 Hi Travis, Great work! Thank you for all the help. I'm trying to test an in-house web application with webscarab and I'm running into issues (my experience is limited). I have the web application running on my local XP IIS and I can't figure out a way to intercept traffic. I have followed all of your instructions above (I am using IE 8.0) and still having issues with locally installed web apps. Any help would be greatly appreciated. Keep up the good work :) Hi Travis,

Great work! Thank you for all the help. I’m trying to test an in-house web application with webscarab and I’m running into issues (my experience is limited). I have the web application running on my local XP IIS and I can’t figure out a way to intercept traffic.

I have followed all of your instructions above (I am using IE 8.0) and still having issues with locally installed web apps. Any help would be greatly appreciated.

Keep up the good work :)

]]> By: travis http://travisaltman.com/webscarab-tutorial-part-1-learning-the-basics/comment-page-1/#comment-893 travis Wed, 19 Jan 2011 12:51:52 +0000 http://travisaltman.com/webscarab-tutorial-part-1-learning-the-basics/#comment-893 Fabrizio, I'm not quite sure what your problem could be, sounds like you have everything setup correctly. Maybe try the same setup with Internet Explorer and see if you have the same issue. Also you might want to clear your history and cookies inside of firefox that gives it a fresh start. I've sometimes gotten hangups on old history and cookies. Try that and let me know if that works. Fabrizio,

I’m not quite sure what your problem could be, sounds like you have everything setup correctly. Maybe try the same setup with Internet Explorer and see if you have the same issue. Also you might want to clear your history and cookies inside of firefox that gives it a fresh start. I’ve sometimes gotten hangups on old history and cookies. Try that and let me know if that works.

]]> By: Fabrizio http://travisaltman.com/webscarab-tutorial-part-1-learning-the-basics/comment-page-1/#comment-892 Fabrizio Wed, 19 Jan 2011 11:39:57 +0000 http://travisaltman.com/webscarab-tutorial-part-1-learning-the-basics/#comment-892 Hi, I am trying to solve WebGoat lessons using Webscarab. I'm also using the browser Firefox. I set webscarab listen on port 8008. I've configured firefox to connect on HTTP proxy on port 8008. The problem is that Webscarab is able to intercept the request, but my browser don't receive data. It remains waiting for localhost response. Please tell me any solution. Thanks Hi,
I am trying to solve WebGoat lessons using Webscarab. I’m also using the browser
Firefox. I set webscarab listen on port 8008. I’ve configured firefox to connect on
HTTP proxy on port 8008. The problem is that Webscarab is able to intercept the request, but my
browser don’t receive data. It remains waiting for localhost response. Please tell me
any solution.

Thanks

]]>