01-09-2014 01:43 AM
Hi - Im trying to run WebInspect Scan for Silverlight application. The issue is I'm able to successfully navigate the pages in a Silverlight application manually without the tool. But If I try the same with WebInspect, I face issues in accessing these pages. Even though, I tried below settings it fails.
- Silverlight setting is enabled in default scan settings.
- I tried to add to IP address of the server in the host file: c:\WINDOWS\System32\drivers\etc\hosts.
- Had set proxy settings in IE.
- Increased the timeout secs to 120 to 1000 secs in default scan settings.
The error that I receive is :
Unable to parse Web Server response : Unable to read data from the transport connection: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
What settings is required to avoid above error and to scan a silverlight application successfully.
01-15-2014 02:23 PM
This sounds more like an error in the proxy configuration. WebInspect has two entries for proxies. The first is how WebInspect reaches HP on the Internet, and that is found under the Edit menu > Application Settings > Proxy panel. The second one is for how WebInspect reaches its target, and that is found under the Edit menu > default Scan Settings > Proxy panel.
I suspect that while you have WebInspect set to borrow the proxy settings from MSIE that the proxy uses some sort of authentication. A common fix is to change the WebInspect proxy setting to "Direct Connection", as most scan targets are on the same network and the proxy is not really involved. If the proxy does use authentication, you must manually enter that into the WebInspect proxy configuration, as WebInspect cannot borrow the auth credentials from MSIE, only the network details. Microsoft ISA proxy is a common trouble-maker in this sort of situation, as it invisibly steals the Windows credentials for auth and yet that setting is not visible in the MSIE proxy settings.
-- Habeas Data
01-23-2014 08:25 AM
If you are unable to determine the connection issue, I would record the browser traffic with the included Web Proxy tool and then provide that PSF capture file to Fortify Support for review. Again, you may need to explicitly define your network proxy and any required authentication credentials within that tool to effectively browse the web application.
And always try the Direct Connection (no proxy) option, just in case it works despite what your network admins have told you about required proxies.
-- Habeas Data
02-09-2014 11:14 PM
I had raised a case in fortify support as well. I had sent the fiddler capture to them. Im waiting for their updates.
Could you suggest any other options to resolve this issue.