To test a Secure Sockets Layer (SSL) server with beSTORM, do the following:


  1. Install the beSTORM Client on a computer that is not in use or on a network and assign an IP address to it. This will create the beSTORM server.
  2. Set up an HTTPS server on another computer that is also not in use or on a network and assign an IP address to it. If your SSL server is Windows-based, do the following:
    1. Install and open beSTORM Monitor.
    2. On the Processes tab, select SSL.
    3. In the Host box, enter the IP address of the beSTORM server, and then select Attach.
  3. Connect the beSTORM server computer directly to the SSL server computer with a network cable. Do not include a switch between the two computers.
  4. Open beSTORM Client.
  5. Select New Project to open the beSTORM New Project Wizard.
  6. On the Welcome page, enter a name for the project in the Project Name box. Leave all other parameters to their default setting.
  7. Select Next.
  8. On the Basic Configuration page, select HTTP/1.0 (SSL Web Client or HTTP/1.1 (SSL Web Client) from the beSTORM's predefined modules list.
  9. In the Hostname or IP address box, enter the IP address of the SSL Server.
  10. In the Remote Port box, enter port number of the SSL server (usually 443).
  11. Select Next.
  12. On the Module Environment page, review the parameters listed and make any necessary changes.
  13. Select Next.
  14. If the SSL server is not accessible, on the Extra Configuration page, select the ICMP Echo and TCP Echo checkboxes. Otherwise, leave all parameters to their default setting.
  15. Select Next.
  16. On the Complete beSTORM wizard page, select Finish to begin testing, or clear the Auto-start beSTORM scan now checkbox to run the test later.
  17. Once your test begins, if an exception occurs (that is, an attack was successful), a message will appear in an Exception Information dialog informing you that the remote server is not responding. This indicates a possible vulnerability. Testing will resume after five seconds unless you select Pause Test.
  18. When testing is complete, select Report to view a short report of your test.
  19. Alternatively, you can select Report > Generate Report from the beSTORM Client to generate a more comprehensive report of your test.