Re: [W3af-users] How to teach w3af to log in prior to spidering and testing

Thu, 30 Apr 2009 14:17:33 -0700 

Hi 
Not long before I was searching for the same here is what I got

To specify authentication "credentials" to w3af, you have two ways:
- Use the proxy tool and a browser to get a valid cookie, and then add
that cookie to the scanning process by configuring the http-settings,
cookieJarFile parameter.

- Use the discovery.spiderMan plugin. This plugin acts as a proxy, and
lets you navigate the target site and authenticate to it. After
closing spiderMan, the authentication credencials will be used through
the whole w3af scan.

Hope it helps
Abhi




________________________________
From: Bill Moran <[email protected]>
To: [email protected]
Sent: Thursday, April 30, 2009 5:12:37 PM
Subject: [W3af-users] How to teach w3af to log in prior to spidering and testing


I need to provide w3af login credentials before it starts its work.
99% of the app I'm scanning are only accessible after login, so without
this I can't really use w3af at all.

I can't seem to find information on this in the docs or via google.
I assume I'm missing something.  Anyone have a pointer?

-- 
Bill Moran
http://www.potentialtech.com
http://people.collaborativefusion.com/~wmoran/

------------------------------------------------------------------------------
Register Now & Save for Velocity, the Web Performance & Operations 
Conference from O'Reilly Media. Velocity features a full day of 
expert-led, hands-on workshops and two days of sessions from industry 
leaders in dedicated Performance & Operations tracks. Use code vel09scf 
and Save an extra 15% before 5/3. http://p.sf.net/sfu/velocityconf
_______________________________________________
W3af-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/w3af-users



      
------------------------------------------------------------------------------
Register Now & Save for Velocity, the Web Performance & Operations 
Conference from O'Reilly Media. Velocity features a full day of 
expert-led, hands-on workshops and two days of sessions from industry 
leaders in dedicated Performance & Operations tracks. Use code vel09scf 
and Save an extra 15% before 5/3. http://p.sf.net/sfu/velocityconf
_______________________________________________
W3af-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/w3af-users

Reply via email to