Highlighted
stock1337 Absent Member.
Absent Member.
7389 views

webinspect failed to use proxy setting in "current scan setting"

I am trying to scan an website which has internal url (different slightly different to external url) via internal proxy. I was told there is no user agent check on the proxy.

 

For some reason, the webinspect unable to the setting i configure under 'use explicit proxy setting' to resolve the url.

The login macro and smart update both are ok with the proxy setting i configured. 

 

The error message for scan is :

6/28/2010 2:40 PMErrorStart Url Rejected:https://my.internal.billpay.com:443/, reason:smileyvery-happy:oesNotResolve, session:5AD1861DxxxxxxxxxxxCFB2F31E2A81:

 

The wireshark sniffing also indicates that webinspect is trying to resolve the url via direct dns query which will not work because I must go through our internal proxy to reach that url.  Besides, I there is no user agent check on our internal proxy. 

 

Can someone throwing me some hint ?

The only abnormally i noticed is that  clicking  "profile" button under profiler configuration almost always result webinspect crash, but I suppose it is probably different issue.

 

 

 

 

 

 

Labels (1)
Tags (1)
0 Likes
7 Replies
Micro Focus Expert
Micro Focus Expert

Re: WebInspect not failed to use proxy setting in "current scan setting"

Yes, WebInspect performs a DNS check on the target host name prior to starting the scan.  This is done to verify that the target's IP address is within the Allowed IP Range for your license.  You can check this range for your license under the Help menu > About WebInspect > Attributes table.  If you were to use the host's IP address in place of the host name for the URL then the scan would probably run fine.

 

It might be possible to bypass this DNS check by adding an entry to your system's HOSTS file, but that is only a guess.  If none of these items work, you will need to have the ASC Customer Support team modify your license.  The Activation Token includes a "Check DNS" flag that can be disabled for specialized environments that lack DNS services.  I must warn you that the Support team will probably have to pass this request on to one or two other internal HP teams to finalize it, so do not wait until the last moment to request this license modification.


-- Habeas Data
Micro Focus Fortify Customers-Only Forums – https://community.softwaregrp.com/t5/Fortify/ct-p/fortify
0 Likes
stock1337 Absent Member.
Absent Member.

Re: WebInspect failed to use proxy setting in "current scan setting"

I have a look on the attributes table. All field are 'unlimited' and the host range is 0.0.0.1-255.255.255.255.

 

For the dns issue, I am not sure if I want to turn off the DNS completely.  We have some pre-production network which wrap around on the proxy before going live (and thus we don't use dns resolution but let proxy handle it).  But we also have production network that maybe required dns resolution. 

 

 

 

 

0 Likes
whips04r Absent Member.
Absent Member.

Re: WebInspect failed to use proxy setting in "current scan setting"

I'm suffering from similar issues. Am attempting to scan a production site, onsite, via the corporate LAN proxy.

WebInspect can run Profiler against the target URL without issues, but fails when it attempts to scan the site due to a problem with DNS lookup.

 

I've had to setup entries in the Hosts file to get the scan to work, as per Hans' suggestion.

 

What's interesting (and somewhat annoying) is that even when WebInspect requests a resource (and gets a valid response to that request) that is part of a domain for which DNS lookup problem manifests, that session is omitted from the Scan Tree 😕

0 Likes
stock1337 Absent Member.
Absent Member.

Re: WebInspect failed to use proxy setting in "current scan setting"

a quick workaround is to edit the C:\WINDOWS\system32\drivers\etc\host file. Simply give the url you are scanning with ip address.  That kinda stop the webinspect to bitch about no ip address resolution

0 Likes
mbebers Absent Member.
Absent Member.

Re: WebInspect not failed to use proxy setting in "current scan setting"

I had face the same ISSUE, and i try to use IP address (196.46.x.x) but it give me the same error.

 

is there any suggestion.

 

thanks in advance

0 Likes
QBaker75 Absent Member.
Absent Member.

Re: WebInspect not failed to use proxy setting in "current scan setting"

As suggested above, it is best to contact HP Support.

Quentin Baker
HP Application Security Center
0 Likes
AutoDan Absent Member.
Absent Member.

Re: WebInspect not failed to use proxy setting in "current scan setting"

Hi,

 

We are experiencing the same issue with a 192.168 ... IP Address on the latest version of WebInpsect and was wondering if you were ever able to find a solution to your problem?

 

Thanks in advance,

 

Dan

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.