Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: Nessus: users

scanning https

  

 
Nessus users RSS feed   Index | Next | Previous | View Threaded


lexsi.mailing at laposte

Aug 21, 2001, 3:52 AM

Post #1 of 4 (372 views)
Permalink
scanning https
Hi!

Is anyone know how to scan an https server with Nessus ???
I've got the version 1.1.3. I've sniffed the scan and nessusd seems to have
only tryed to do a connection to https not cyphered
"GET / HTTP/1.0".
There is an option ? The change log says that in nessus 1.1.X, there is the
SSL support.


Could I use tunneling with SSL ?

--
Cédric Foll


arboi at noos

Aug 21, 2001, 3:16 AM

Post #2 of 4 (368 views)
Permalink
Re: scanning https [In reply to]
Cédric Foll <lexsi.mailing [at] laposte> writes:

> Is anyone know how to scan an https server with Nessus ???
> There is an option ?

A _configuration_ option. configure should autodetect OpenSSL if it is
installed, unless it is in some strange directory.
In that case, run configure --with-ssl=/path/to/strange/dir/

You have to recompile and reinstall everything if it did not work the
first time.

> Could I use tunneling with SSL ?

What do you mean?


arboi at noos

Aug 21, 2001, 4:00 AM

Post #3 of 4 (364 views)
Permalink
Re: scanning https [In reply to]
Cédric Foll <lexsi.mailing [at] laposte> writes:

> I mean setup ssh in order to redirect connection.

What's the use? The exit of the tunnel is similar to the entry.
And there is no relation between SSH and SSL.

> I scan in clear my port 80. But in fact it scan https://myserver.test:443.

You have to use stunnel for this.

> excuse my english, I'm french...

Is that an excuse? :)

> I should use the tunneling option of ssh. Is it possible ?

Definitely not.

--
mailto:arboi [at] bigfoot http://www.bigfoot.com/~arboi/
GPG Public keys: http://www.bigfoot.com/~arboi/pubkey.txt
FAQNOPI de fr.comp.securite : http://www.bigfoot.com/~arboi/secu/FAQNOPI/


lexsi.mailing at laposte

Aug 21, 2001, 4:20 AM

Post #4 of 4 (365 views)
Permalink
Re: scanning https [In reply to]
> Cédric Foll <lexsi.mailing [at] laposte> writes:
>
> > Is anyone know how to scan an https server with Nessus ???
> > There is an option ?
>
> A _configuration_ option. configure should autodetect OpenSSL if it is
> installed, unless it is in some strange directory.
> In that case, run configure --with-ssl=/path/to/strange/dir/
>
> You have to recompile and reinstall everything if it did not work the
> first time.
>
Thanks!

> > Could I use tunneling with SSL ?
>
> What do you mean?
>
I mean setup ssh in order to redirect connection.
I scan in clear my port 80. But in fact it scan https://myserver.test:443.
In order to make it possible (excuse my english, I'm french...), I should
use the tunneling option of ssh. Is it possible ?

Nessus users RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.