better SSL support with WEBSCARAB

[Jeroen]

download APJP-0.7.0
download WEBSCARAB: http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project
start WEBSCARAB
- click TOOLS
- click PROXIES
- set HTTP PROXY to 127.0.0.1 and PORT to 10080
- set HTTPS PROXY to 127.0.0.1 and PORT to 10443
- click APPLY
start APJP
start FIREFOX
- click TOOLS
- click OPTIONS...
- click ADVANCED
- click NETWORK
- click SETTINGS...
- check MANUAL PROXY CONFIGURATION
- set HTTP PROXY to 127.0.0.1 and PORT to 8008
- set SSL PROXY to 127.0.0.1 and PORT to 8008
- click OK
- browse to https://www.google.com, you will see THIS CONNECTION IS
UNTRUSTED
- click I UNDERSTAND THE RISKS
- click ADD EXCEPTION...
- click GET CERTIFICATE
- click VIEW...
- click DETAILS
- select OWASP CUSTOM CA FOR ... AT ...
- click EXPORT...
- set FILE NAME to OWASPCUSTOMCAFOR...AT...
- set SAVE AS TYPE to X.509.CERTIFICATE (PEM)
- click SAVE
- click CLOSE
- click CANCEL
- click TOOLS
- click OPTIONS...
- click ADVANCED
- click ENCRYPTION
- click VIEW CERTIFICATES
- click AUTHORITIES
- click IMPORT...
- set FILE NAME to
OWASPCUSTOMCAFOR...AT...
- set FILES OF TYPE to CERTIFICATES
- click OPEN
- check TRUST THIS CA TO IDENTIFY
WEBSITES
- click OK
- click OK
- click OK
- browse to https://www.google.com

:)

[Victor Bruno]

Dear Jeroen,

Good day. I do trust this catches you well. 

I'm using firefox 20 with webscarab, latest version and was having quite a difficulty time intercepting ssl connections as my browser would refuse, like 'the proxy is refusing connections'. After googling quite a bit I found your post and followed the instructions. Much to my pain, though, it led to another dead end!!! What I mean is: I can access ssl connections but they no longer come through webscarab, or at least my "summary tab" in weebscarab is clean...

So, I'm trying to test ddifferent browsers and different sites, but it's more like a shot in the dark. If you can share something please, I do appreciate.

Thanks and Regards,

Victor