threadfix port selection?!

[eug...@eugenetawiah.com]

Before I attempt to change threadfix from port 8443 to 443 and 8080 to 80 in order to not conflict with Burp/ZAP which default to those already used ports;

I'm curious the reasoning for the current threadfix port selection?

Maybe I should focus on changing the port Burp/Zap run on.

[Dan Cornell]

Before I attempt to change threadfix from port 8443 to 443 and 8080 to 80 in order to not conflict with Burp/ZAP which default to those already used ports;

I'm curious the reasoning for the current threadfix port selection?

We defaulted to 8080 and 8443 so that ThreadFix could be run on machines that were already running standard webservers on ports 80 (HTTP) and 443 (HTTPS). Changing the ports ThreadFix listens on basically just involves changing the Tomcat ports. Some documentation on this can be found here:

http://www.mkyong.com/tomcat/how-to-change-tomcat-default-port/

I _believe_ you should just need to change the two <Connector> entries (one for 8080, one for 8443) to use different ports and you should be fine.

Personally I think it is a little strange that a proxy would want to listen on 8080 because that is a typical "alternative webserver port" but that may be my bias (and desire to use port 808 for ThreadFix) speaking...

In any case, it should be possible to reconfigure the ThreadFix ports.

 

Maybe I should focus on changing the port Burp/Zap run on.

That _might_ be easier just because they have a nice GUI to do it and Tomcat requires that you mess around with the server.xml config file. But either setup should be workable.

Thanks,

Dan

 

[Eugene T]

Thanks for the logic explanation. Good to hear the thought process by behind some things before making decisions.