Archive for the ‘Security’ Category


openssl s_client -connect www.example.com:443 -tls1_2
nmap --script ssl-enum-ciphers -p 443 www.example.com

Credit: http://serverfault.com/questions/638691/how-can-i-verify-if-tls-1-2-is-supported-on-a-remote-web-server-from-the-rhel-ce
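
Reading the result of the `openssl s_client` check above is easy to get wrong, so here is an added example (not from the original post or the linked answer) that classifies the output. The function names `classify_s_client` and `probe_tls` are hypothetical, the `-servername` option is an addition to the command on this page, and both sample outputs are constructed.

```bash
#!/usr/bin/env bash
# Added example: decide from `openssl s_client` output whether the forced
# protocol version was really negotiated. Sample outputs below are constructed.

# Reads s_client output on stdin and prints "supported <cipher>" or "not-supported".
# "CONNECTED(...)" only proves the TCP connection, and a failed handshake still
# prints "Protocol  : TLSv1.2" in its SSL-Session block, so neither is evidence.
classify_s_client() {
    awk '
        /^New, .*Cipher is / { cipher = $NF }   # negotiated cipher, or "(NONE)"
        END {
            if (cipher == "" || cipher == "(NONE)") print "not-supported"
            else print "supported " cipher
        }'
}

# Live probe (needs network). Hypothetical helper: probe_tls www.example.com 443 tls1_2
probe_tls() {
    openssl s_client -connect "$1:$2" -servername "$1" "-$3" </dev/null 2>&1 |
        classify_s_client
}

# Constructed sample: server accepted TLS 1.2.
sample_ok() { cat <<'EOF'
CONNECTED(00000003)
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-GCM-SHA256
EOF
}

# Constructed sample: handshake failed (server refused the forced version).
sample_fail() { cat <<'EOF'
CONNECTED(00000003)
---
no peer certificate available
---
New, (NONE), Cipher is (NONE)
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : 0000
EOF
}

for s in sample_ok sample_fail; do
    printf '%s: %s\n' "$s" "$("$s" | classify_s_client)"
done
```

Redirecting stdin from `/dev/null` in `probe_tls` makes `s_client` exit after the handshake instead of waiting for input.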

OWASP provides a virtual machine that contains quite a few self-assessment tools. You can download it from https://www.owasp.org/index.php/Category:OWASP_Live_CD_Project#tab=Main_Links

The virtual machine is based on Xubuntu, so you can select Ubuntu when you install it in VirtualBox.

The login username and password are owasp/owasp.

After logging in, you can open ZAP Proxy to start your own test. The Firefox browser has already been configured to work with ZAP Proxy.


To test on Windows, you can download ZAP Proxy from https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project.

After installation:

  • Start ZAP Proxy.
  • Open http://localhost:8080/pnh/ in your Firefox browser and install the Firefox Plug-n-Hack add-on.
  • Set up your Firefox proxy to use localhost:8080, which is the default local proxy for ZAP.

Then just browse the site you want to test, and it should be traced by ZAP.
