I just followed the instructions to install it on Kali Linux. When I start Rails I can specify the port and binding, which is great because I can now access Dradis outside my cloud VPS. The only problem is that the connection is not encrypted; it listens on HTTP port 80. How can I force it to use HTTPS port 443?
@kanalia, Rachael with the support team here. Check out this thread for more on using the `-b` parameter: Connecting to same Dradis instance for real time collaboration. I think that should get you the results you’re looking for. Any questions? Just let us know!
Hi Rachkor, how are you?
This does not help. I know I can bind it to a different interface using the b parameter, but this does not change the fact that it still serves the website on http, not https. Setting the port does not change this either; if I set it to 443 I end up with http served over port 443, but this is not encrypted. I can see clear text credentials if I do a man in the middle or sniff traffic using Wireshark. I am about to start a big penetration test project and considered using Dradis for the first time, but I won’t be able to use it if data is sent in pure text over the wire.
You can use a reverse proxy like nginx or apache to encrypt your traffic with SSL.
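Added example, not part of the original thread and not Dradis project configuration: a minimal nginx TLS-terminating reverse proxy for the setup suggested above. The hostname, certificate paths and the backend address `127.0.0.1:3000` are assumptions to be replaced with your own values.

```nginx
# Added example. Assumes the Rails server is started bound to loopback only,
# so the plaintext listener is not reachable from the network, e.g.:
#   rails server -b 127.0.0.1 -p 3000

# Redirect any plaintext request to HTTPS.
server {
    listen 80;
    server_name dradis.example.com;            # placeholder hostname
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name dradis.example.com;            # placeholder hostname

    ssl_certificate     /etc/nginx/tls/dradis.example.com.crt;   # placeholder path
    ssl_certificate_key /etc/nginx/tls/dradis.example.com.key;   # placeholder path
    ssl_protocols       TLSv1.2 TLSv1.3;

    # Tell browsers to keep using HTTPS for this host.
    add_header Strict-Transport-Security "max-age=31536000" always;

    location / {
        # Traffic between nginx and Rails stays on the loopback interface.
        proxy_pass http://127.0.0.1:3000;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # Lets the app know the original request was HTTPS.
        proxy_set_header X-Forwarded-Proto $scheme;
        # Pass WebSocket upgrades through in case the app uses them.
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}
```

Run `nginx -t` to check the syntax before reloading, and confirm with a packet capture that only port 443 is exposed externally and that the login request is no longer readable.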