List,

    Thanks to Taras's help we now have authentication plugins that
allow w3af to log in to almost any web application using the
auth.generic plugin! This is a huge step forward in the way we manage
authentication and sessions because w3af is now going to verify if the
session is active or not before running each of the discovery/audit
plugins, and if it's not it has the power to re-login using the
provided credentials.

    The generic plugin code can be modified if required to perform any
number of steps in order to log in to applications that use complex
authentication schemes such as SSO, multiple login steps, etc.

    The changes are available at our SVN, simply "svn up" your w3af
installation or run "./w3af_console -f" to force an update. The code
is available here [0].

    To sum up, this is a HUGE STEP FORWARD in the right direction!
Thanks Taras for your help!

[0] http://sourceforge.net/apps/trac/w3af/changeset/4576

Regards,
-- 
Andrés Riancho
Director of Web Security at Rapid7 LLC
Founder at Bonsai Information Security
Project Leader at w3af

_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop
