To test a Secure Sockets Layer (SSL) server with beSTORM, do the following:
- Install the beSTORM Client on a computer that is not in use or on a network and assign an IP address to it. This will create the beSTORM server.
- Set up an HTTPS server on another computer that is also not in use or on a network and assign an IP address to it. If your SSL server is Windows-based, do the following:
- Install and open beSTORM Monitor.
- On the Processes tab, select SSL.
- In the Host box, enter the IP address of the beSTORM server, and then select Attach.
- Connect the beSTORM server computer directly to the SSL server computer with a network cable. Do not include a switch between the two computers.
- Open beSTORM Client.
- Select New Project to open the beSTORM New Project Wizard.
- On the Welcome page, enter a name for the project in the Project Name box. Leave all other parameters to their default setting.
- Select Next.
- On the Basic Configuration page, select HTTP/1.0 (SSL Web Client or HTTP/1.1 (SSL Web Client) from the beSTORM's predefined modules list.
- In the Hostname or IP address box, enter the IP address of the SSL Server.
- In the Remote Port box, enter port number of the SSL server (usually 443).
- Select Next.
- On the Module Environment page, review the parameters listed and make any necessary changes.
- Select Next.
- If the SSL server is not accessible, on the Extra Configuration page, select the ICMP Echo and TCP Echo checkboxes. Otherwise, leave all parameters to their default setting.
- Select Next.
- On the Complete beSTORM wizard page, select Finish to begin testing, or clear the Auto-start beSTORM scan now checkbox to run the test later.
- Once your test begins, if an exception occurs (that is, an attack was successful), a message will appear in an Exception Information dialog informing you that the remote server is not responding. This indicates a possible vulnerability. Testing will resume after five seconds unless you select Pause Test.
- When testing is complete, select Report to view a short report of your test.
- Alternatively, you can select Report > Generate Report from the beSTORM Client to generate a more comprehensive report of your test.