I have problems setting up burp suite on my macbook with google chrome. I have followed all guidelines on the official website and my settings look like this:
But when I visit websites, I don't see any requests/responses in the intercept tab under Proxy in the program. Why not?
Perhaps Intercept it turned off. Do you see anything in HTTP history?
If not, try setting up a scope in Target > Scope. Also, look at the option, Proxy > Options > Miscellaneous > Don't send items to Proxy history or other Burp tools, if out of scope.
One other possibility: is a Chrome extension managing your proxy settings? There are various extensions that do this, like Foxy Proxy.
Related
I have an IIS site on a Windows 2012 R2 server. The site has an Application inside it:
The URL for this site is setup on our Active Directive servers as it is only accessible internally from our company. The URL follows the following structure:
http://NAMEoftheSERVICE.myCompanyServices.myCompany.local
The service for this site is placed in an internal folder:
http://NAMEoftheSERVICE.myCompanyServices.myCompany.local/InternalFolder/Service.svc
I have placed a number of test files both at the root level and in the internal folder:
http://NAMEoftheSERVICE.myCompanyServices.myCompany.local/HelloWorld.html
http://NAMEoftheSERVICE.myCompanyServices.myCompany.local/InternalFolder/HelloWorld.html
I can browse these files without any problems. However, I cannot browse the service at http://NAMEoftheSERVICE.myCompanyServices.myCompany.local/InternalFolder/Service.svc
The browser returns
However the file is there, and I have made sure there are no typos in the URL I put in the browser.
I have looked at similar questions but there seems not to be anything like the problem I am experiencing. The only question that looked promising was:
WCF service file not visible
But the answer for that post does not apply to my issue as I already have the configuration mentioned in that post setup as it is suggested.
I have checked the IIS-level config files for any exclusion regarding .svc files or anything similar, but could not find anyhting.
Have you got any suggestions on where to look at to solve this issue?
Solution: Install HTTP Activation feature
After running some more testing on other sites on the same server, I actually realised that the issue was specific to .svc files. I therefore made another search on Google and found that the server was missing the "HTTP Activation" feature (part of the WCF Services).
So, if you are having the same issue on .svc files follow the following steps to make sure you have the right components installed on the server:
Open Server Manager
In Server Manager, click the Manage menu, and then click Add Roles
and Features
In the Add Roles and Features wizard, click Next. Select the
installation type and click Next. Select the destination server and
click Next.
Skip the Server Roles page.
On the Select features page, expand ".Net Framework 4.5 Features",
expand "WCF Services" and select "HTTP Activation". Click Next.
On the Confirm installation selections page, click Install.
On the Results page, click Close.
The same can be achieved by running the following Powershell command:
Install-WindowsFeature -Name NET-WCF-HTTP-Activation45
This did the trick for me. I hope it can be of help to someone.
Is there a way in C++ to set the Windows system proxy with authentication credentials so it would affect all running programs(browsers, etc...) immediatly but:
Not requiring restarting any browser
Not requiring browser-reauthentication
I am looking really for a system level pre-authenticated proxy.
Thank you for any help. Ask any questions if something is unclear.
Using: c++11, Windows 7
EDIT 1: I need to set this programmatically, so please do not suggest any manual actions.
EDIT 2: Partially acceptable is a way how to set proxy programmatically without pre-authentication but still keeping 1. requirement (Not requiring restarting any browser)
System-level proxy settings are located in registry under \Software\Microsoft\Windows\CurrentVersion\Internet Settings hive in HKLM for all users and HKCU hive for current user.
There is an official instruction how to change it via REG file, you does not need to write any code.
But the main problem is: any application may have its own proxy settings, where it 1) can prefer system level settings but allow to override it by user, 2) not using system settings at all.
In corporate environments this problem solves as:
Internet gateway not allowed directly access to external network any computer except proxy server (Microsoft ISA/Forefront Web Proxy)
Proxy settings in registry are forced to all computers via Group Policies
If user need to run application which can not use system-wide proxy settings - it need to install ISA Firewall Client which intercepts all traffic and authenticate it on the ISA proxy.
So when you use full Microsoft software stack - you still not need to write any code :-)
Moreover, ISA Firewall Client uses undocumented Windows features and it will be too hard to write something to replace it with your own "C++11" skills.
I'm trying to create simple WebServices project using Intellij Idea 12 IDE (Glassfish 4.0.0 server, JDK 1.7.0_45)
And have a couple of troubles.
First of all, I cannot expose or unexpose my default class HelloWorld. I just do not have this button (Expose Class as Web Service) in menu 'Web Services' or even in the tab 'tools'.
Somewhere I've found that ALT+ENTER could help me, but it did not. There were no signs of that functionality too.
However, as you probably know, it is not extremely important in this test (HelloWorld) example to expose the class (it is exposed by default) and I still tried to launch my simple solution. But it does not work.
It shows just blank window in browser (path: localhost:8080/jax_ws_server or smth like this). When I intentionally tried to change this path to string (I've changed it not only in browser url-string, but also in Artifacts settings) 'localhost:8080/services/HelloWorld', which I have found in the configuration file 'sun-jaxws.xml', It just shows 404 error in a browser.
I use this tutorial:
http://wiki.jetbrains.net/intellij/Developing_a_simple_JaxWS_WebService
What can I do to solve this problems? Thank you for every answer!
Users could have connections through proxies. Some using system-wide proxy settings, others browser-wide proxy.
On Windows for example you could have the system proxy settings as well as proxy settings for Firefox or Chrome alone. Therefore relying on system proxy settings is not reliable.
The only logical solution is to use whatever proxy settings the browser loading my plugin is using. If Firefox is loading my plugin and it has some proxy settings, my plugin should connect using these settings as well. I need my plugin to download the SSL cert of the page in which the plugin is loaded (for further verification..etc).
Is there some way to do that in NPAPI or I must use APIs like Windows WinInet or WinHTTP, or OpenSSL for Linux and Mac? If I have to do so, then how can I let my plugin use whatever proxy settings the host browser is using? I am checking out NPN_GetValueForURL, but I don't think it has good compatibility and good browser interop.
Thank you guys!
I'm pretty sure that NPN_GetURLNotify() will use the browser's proxy settings. It would be pretty crazy if it did not.
Update
If you're writing an NPAPI-based plugin, you need to use the NPN_Get/Post functions to do HTTP requests. That will use the host's proxy settings, cookies, etc. These functions exist for this reason; I don't know why you would use Wininet or roll your own instead.
Looking through about:config, it appears Firefox stores the proxy settings in network.proxy.*. You can access these settings programmatically via the Preferences Service. I suppose you could configure Wininet to behave the same, but you still have the cookie problem.
What are the configuration file settings to enable webservices on IIS 7.0 in classic mode?
The site has to be in a classic mode application pool because the Report Viewer controls crash when running in Integrated Mode. However in a classic mode application pool, webservices produce the following error message:
The requested content appears to be
script and will not be served by the
static file handler.
•If you want to serve this content as
a static file, add an explicit MIME
map
EDIT - Additional Error Message Info:
HTTP Error 404.17 - Not Found
Module: StaticFileModule
Notification: ExecuteRequestHandler
Handler: StaticFile
Error Code: 0x80070032
Note: This particular instance of the application will be running in a customers account on a shared hosting enviroment so access to IIS UI is not/will not be available. Specifically seeking configuration file adjustments.
In IIS Manager (Start -> Run -> inetmgr), select the website or virtual directory you want to set to classic mode.
In the right hand panel "Actions", click on "Basic Settings".
Next to application pool (that is defaulted to DefaultAppPool), click "Select" and change it to "Classic .Net AppPool".
Walkthrough is here.
Update: Sorry, I misread your question. There are a couple of things you can try:
The first is to double check the IIS installation features from the control panel (Programs and Features -> Turn Windows Features on and off -> Internet Information Services -> World Wide Web Services -> Application Development Features). I have everything bar CGI and Server-side includes checked).
Secondly, make sure that your site is correctly setup as an application (select website -> Actions -> View Applications). If it isn't there you'll need to add it.
Third thing to check is specifically the Handlers, which is accessed through IIS Manager -> Select website -> Handler Mappings -> Open Feature -> Make sure .asmx is there. I have it three times, WebServiceHandlerFactory-Integrated (handler System.Web.Handlers.WebAdminHandler), WebServiceHandlerFactory-ISAPI-2.0 (Isapi Module), and WebServiceHandlerFactory-ISAPI-2.0-64 (Isapi Module).
Finally you make sure you are using the correct .NET version for that application.
Again, apologies for the original duff answer.
Thanks Junto for the post! I tried so many things that other people were suggested but couldn't get my site to work. I followed your instructions and sure enough, my applications were listed under Sites in IIS, but were not shown in the Application Pools. I deleted the Applications and created them. Everything work as expected after that.
In case someone is interested of what I went through. I was migrating from IIS6 to IIS7. All the virtual directories and applications seem to be ported fine, but not all of them got into the Application Pools. So, if you're running into the same issue, "Error 400.17. If you want to serve this content as a static file, add an explicit MIME map", check your App Pool to make sure all your applications are shown.
This sounds like your HandlerMappings are a bit screwy. You can revert to known good a baseline (provided you haven't tinkered with the server wide Handler Mappings) by doing:
Open IIS Manager
Open the site in question
In the Features View for the site open the Handler Mappings feature
In the Actions pane (top right), click on "Revert To Parent"