Can anybody help on running zap in commmand line for windows ,especially login credentials when a part of the application is behind a login
Not in a stackoverflow answer, no. The answer is too complicated.
For automation options see https://www.zaproxy.org/docs/automate/
For authentication options see https://www.zaproxy.org/docs/authentication/
Related
I'm trying to solve this problem since a long time, every execution I perform on TF.exe command, is throwing TF30063 exception, when i'm the admin and the only user of my TFS.
Problem: Try to execute this in a clean machine, without any visual studio user logged in on visual studio, IMPORTANT: also remove your user from windows credentials.
tf.exe workspaces /computer:mycomputer
This modal pops up prompting for credentials, but I need something to be run in a command window without user interference, so checking help I see that you could send /login:user,password
Then, again let's try with that in the command:
tf.exe workspaces /computer:mycomputer /login:myuser#outlook.com,MyPassword
And now, I get the following exception:
TF30063: You are not authorized to access xxx
BUT, and for the last, if I login on that popup (which I don't want to do because it will be a remote build service) suddenly all commands works fine.
What is the point of having /login command if is not useful here? is there a way to perform this login without prompt?
Thanks for the help!
It seems you are using VSTS, not on-premises TFS. Usually /login option can be used on on-premises TFS, we use the /login option to specify the Team Foundation Server user account to run a command.
If you want to use on VSTS, you need to get a OAuth token, and specify /loginType:OAuth. The command line is:
tf workspaces /collection:https://xxxx.visualstudio.com /loginType:OAuth /login:.,[OAuth token]
Add a screenshot:
I know it's been very long since this thread is opened but I recently experienced the same issue and resolved it by following the below steps. This maybe helpful for people who will get stuck with this issue in future...
Yes, I have faced the same issue and was able to resolve the issue finally :)
The problem is that tf.exe command with the switch "/login:username,password" works as expected with the onprem versions, however you have to use OAuth for saas version. Please find the below example command for saas version for your reference.
tf workspaces /collection:https://dev.azure.com/OrganizationName /loginType:OAuth /login:.,OAuthtoken
To generate the OAuth token you should be using the following article as a reference.
https://learn.microsoft.com/en-us/azure/devops/integrate/get-started/authentication/oauth?view=azure-devops
Hope this helps someone at some point of time :)
I've been chasing this problem around for a while now and I can't get to the bottom of it. I've read the other solutions on here (https://identityserver4.readthedocs.io and https://github.com/IdentityServer/IdentityServer4.Quickstart.UI) and it's still not working, so I've tried to reduce this down to the absolute basics. This is not the actual problem I am facing, but produces the very same outcome. i.e. I can't get Windows Authentication to work.
I clone https://github.com/IdentityServer/IdentityServer4.Samples
I amend Quickstarts/7_JavaScriptClient/src/QuickstartIdentityServer/Quickstart/Account/AccountController.cs so that WindowsAuthenticationEnabled is true
I then goto http://localhost:5000/account/login and attempt to use the Windows external provider and I get 401.
The only difference with this simple sample here, and what I see on my actual system is that I'm getting challenged for credentials on my real site.
Debugging the code I never see if(HttpContext.User is WindowsPrincipal) succeeding, because it's always a ClaimsPrincipal.
Can someone explain to me what I'm doing wrong?
Do you have windows authentication enabled on your IIS site? This needs to be enabled for your WindowsPrincipal to be assigned. Note that windows authentication only works when running behind IIS or IIS Express.
Ok I am attempting to transfer a manual change to powershell,
Attempting to grant IIS_IUSRS access to /LM/SmtpSvc/ and /LM/SmtpSvc/1/ nodes in the IIS Metabase.
I have googled extensively and can not find an example of what i am looking for.
I have been trying to play with
$smtp = [wmiclass]‘root\MicrosoftIISv2:IIsSmtpServerSetting'
But I am in a little over my head with WMI.
Any help would be appreciated. This setting is required for resolving
This.
Not an exact answer, but the best I have so far. Following the Guide here I chose option 1 and changed the app pool to network service. I will still work on a way to do the permissions settings with powershell.
Update (solution untested)
I found this answer on another post that details how to do it using scripts in the iis6.0 resource toolkit. To get these scripts on server 2012 you have to install the IIS6.0 resource toolkit, the only way i can find to do a silent install of this one was located here from there you can call the scripts using cscript.exe. I stuck with the changing user on the app pool option because it fits in with other things as well.
Hi I am currently writing a Test script for an ecommerce site using Seleneium IDE, this is in a testing environment in HTTP. The issue I am having is the test payment gateway 3D Secure is in HTTPS so when using FireFox the browser displays the security warning message when I am returning from the payment gateway 3D Secure HTTPS to the site testing environment.
'Although this page is encrypted, the information you have entered is to be sent over an unencrypted connection and could easily be read by a third party.
Are you sure you want to continue sending this information?'
I have tried the various commands in the IDE for waitForAlert* and asertAlert* but this javascript alert just seems to over ride any of the commands I use and essentially halts the script until manual intervention is used.
I am unable to turn this particular alert off in FF from what I can assertain from various forums as it is too important to be switched off, I have tried in FF about:config
I can obviusly switch the 3D secure off to allow thee script to run, but I would prefer a complete user scenario to be tested as opposed to a test adapted to suit automation.
Many thanks in advance for your time and assistance.
I had exactly the same problem :
I use Selenium web driver to test against my local http server which sends redirects to https service (3DS as well btw ;). The problem is not with certs, but with this hardcoded warning of switching between https/http.
Based on the link from MacGyver's answer and this answer Key press in (Ctrl+A) Selenium WebDriver, I tested this and I can confirm it closes "Although this page is encrypted, the information you have entered is to be sent over an unencrypted connection and could easily be read by a third party" dialog:
Alert alert = driver.switchTo().alert();
alert.accept();
The other solution, seems to work fine but you'll get UnhandledAlertException with latest Selenium versions (e.g. 2.25.0) :
Actions a = new Actions(driver);
a.sendKeys(Keys.ENTER).perform();
Option #1:
The easiest way is to remove the option in security options for your profile:
http://forums.mozillazine.org/viewtopic.php?f=38&t=665552
Option #2:
Not sure if this applies to an untrusted certifiate or your security warning, but the forum thread seemed to fit. It requires that you use Selenium RC Server.
Profiles are stored here for Firefox: %APPDATA%\Mozilla\Firefox
Profiles can be edited: http://www.dennisplucinik.com/blog/2011/02/04/how-to-install-run-multiple-firefox-versions-in-windows-simultaneously/
Follow the snippet below from this link:
http://old.nabble.com/Security-Warning-on-final-page,-how-to-remove-td22907376.html
If using Firefox 3, see the following post https://developer.mozilla.org/En/Cert_override.txt
The solution I use to get past this security pop-up is only applicable to Firefox 3 browsers and might be more of an hack than a fix but it works.
Run the selenium test
Select "Accept this certificate permanently" when prompted by popup
Click on the OK button (it might be neccessary to have a pause after this because we need to open explorer to find a file now)
Open Windows Explorer and navigate to => "C:\Users\xxxxxxxx\AppData\Local\Temp\customProfileDirxxxx"
This is a temparary profile created by Firefox which contains a file called "cert_override.txt"
Copy "cert_override.txt" to your temp directory
Stop your selenium server.
Open your "selenium-server.jar" file from "c:\selenium-remote-control-xxx\selenium-server-xxx" using WinRar
Drag "cert_override.txt" file into the "selenium-server.jar\customProfileDirCUSTFFCHROME" folder in WinRar (do not delete or edit anything in the .jar file!!!!!)
Close WinRar, start selenium and try it again :)
What's the JBoss 5.x EAP default web console password?
The default credentials are:
login: admin
password: admin
But if you use EAP these credentials are turned off by default and there is no active user (security reasons :)). If you want to turn on these users, you have to edit the following file in your current profile: ./deploy/management/console-mgr.sar/web-console.war/WEB-INF/classes/web-console-users.properties. It should be enough to remove the # sign from the line with the user.
If you want to create a new user, don't forget to set up the correct groups in web-console-roles.properties file.
You can easily find information where these information are stored: just open the ./conf/login-config.xml file and find the proper security domain definition. In the case of the Web Console application, it will be web-console policy.
Also if you want to have access to JMX, you have unlock JMX Console. Just check the following files in the conf/props/ directory (in your profile): jmx-console-users.properties and jmx-console-roles.properties.
I just had to uncomment the line in jboss-eap-5.0\jboss-as\server\default\conf\props\jmx-console-users.properties
admin=admin
Thats it. Restart Jboss and I was about to get in to JBOSS JMX. Magically this even fixed the error that I used to get while shutting down Jboss from Eclipse.
I can also verify the above solution except I had to change in
**..\server\<server profile>\conf\props\jmx-console-users.properties**
If you are using Talend MDM Server, the login is:
login: admin
password: talend
See more: http://wiki.glitchdata.com/index.php?title=TOS:_Accessing_the_Talend_MDM_Server
This differs from the default JBoss login of admin/admin
The password setup file is also login-config.xml in this case.
I suggest visit Add digest auth in jmx-console and read oficial documentation for Configure admin consoles, you can add more security to your JBoss AS console and at these link explains where are the role and user/pass files that you need to change this information for your server and how you can change them. Also I recommend you quit all consoles that you don't use because they can affect to application server's performance.
Also there are others links about securing jmx-console that could help you, search in jboss as community site for them (I can't put them here for my actual reputation,sorry). Never you should has the password in plain text over conf/props/ files.
Sorry for my bad English and I hope my answer be useful for you.
just commenting the line of user and password in file
./server/default/conf/props jmx-console-users.properties worked for me
Step 1:
jmx-console-users.properties
admin=admin
Step 2:
jmx-console-roles.properties
admin=JBossAdmin,HttpInvoker
Step 3: Restart or start the JBoss instance.
Now you should good to go...
Go to the jmx console, enter JBoss login URL, then enter admin as username and admin password.
as suggested in other posts, probably you don't have any user defined. it's not advisable to manually edit the configuration files. you should use the add-user (.sh or .cmd) utility as explained in https://access.redhat.com/documentation/en-US/JBoss_Enterprise_Application_Platform/6/html/Installation_Guide/chap-Getting_Started_with_JBoss_Enterprise_Application_Platform_6.html#Add_the_Initial_User_for_the_Management_Interfaces