Yilmaz, On Fri, May 29, 2009 at 2:25 AM, Yilmaz Cankaya <[email protected]> wrote: > Hi Andres > here is the output from the console > > w3af/config:http-settings>>> set basicAuthUser guest basicAuthPass guest > basicAuthDomain webgoat
All in the same line? > To properly configure the basic authentication settings, you should also > set the auth domain. If you are unsure, you can set it to the target > domain name. > w3af/config:http-settings>>> > > ************************ > and assuming that perhaps the root domain check is in place, I've also > tried > > w3af/config:http-settings>>> set basicAuthUser guest basicAuthPass guest > basicAuthDomain webgoat.com use different lines, like: set basicAuthUser guest set basicAuthPass guest set basicAuthDomain webgoat.com > To properly configure the basic authentication settings, you should also > set the auth domain. If you are unsure, you can set it to the target > domain name. > w3af/config:http-settings>>> > > > Regards > > > > > Andres Riancho wrote: >> Yilmaz, >> >> On Thu, May 28, 2009 at 7:09 AM, Yilmaz Cankaya >> <[email protected]> wrote: >> >>> Meanwhile, I had sniffed the http traffic on the server and could verify >>> that no authorization header is sent. >>> >>> Is there someone who tested this opt? I am not very good at python, >>> thus any help is appreciated. >>> >> >> hmmm, I tried to reproduce this, but it's working for me. >> >> Could you please try to perform the same task but with the console >> user interface, and then send us the transcription of your w3af >> console session? Maybe with that I'll be able to reproduce the >> possible bug. >> >> Thanks! >> >> >>> regards >>> >>> Yilmaz Cankaya wrote: >>> >>>> Hi, >>>> giving a try to the Basic Authentication option in HTTP Config screen, >>>> I've noticed that w3af spider tests do not sent authorization header >>>> properly or even not at all. >>>> >>>> someone tested any site with Basic Authentication credentials configured? >>>> >>>> Is there any way to debug if the headers are properly set? >>>> >>>> Regards >>>> >>>> >>>> ------------------------------------------------------------------------------ >>>> Register Now for Creativity and Technology (CaT), June 3rd, NYC. CaT >>>> is a gathering of tech-side developers & brand creativity professionals. >>>> Meet >>>> the minds behind Google Creative Lab, Visual Complexity, Processing, & >>>> iPhoneDevCamp as they present alongside digital heavyweights like Barbarian >>>> Group, R/GA, & Big Spaceship. http://p.sf.net/sfu/creativitycat-com >>>> _______________________________________________ >>>> W3af-users mailing list >>>> [email protected] >>>> https://lists.sourceforge.net/lists/listinfo/w3af-users >>>> >>>> >>> ------------------------------------------------------------------------------ >>> Register Now for Creativity and Technology (CaT), June 3rd, NYC. CaT >>> is a gathering of tech-side developers & brand creativity professionals. >>> Meet >>> the minds behind Google Creative Lab, Visual Complexity, Processing, & >>> iPhoneDevCamp as they present alongside digital heavyweights like Barbarian >>> Group, R/GA, & Big Spaceship. http://p.sf.net/sfu/creativitycat-com >>> _______________________________________________ >>> W3af-users mailing list >>> [email protected] >>> https://lists.sourceforge.net/lists/listinfo/w3af-users >>> >>> >> >> >> >> > > > ------------------------------------------------------------------------------ > Register Now for Creativity and Technology (CaT), June 3rd, NYC. CaT > is a gathering of tech-side developers & brand creativity professionals. Meet > the minds behind Google Creative Lab, Visual Complexity, Processing, & > iPhoneDevCamp as they present alongside digital heavyweights like Barbarian > Group, R/GA, & Big Spaceship. http://p.sf.net/sfu/creativitycat-com > _______________________________________________ > W3af-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/w3af-users > -- Andrés Riancho Founder, Bonsai - Information Security http://www.bonsai-sec.com/ http://w3af.sf.net/ ------------------------------------------------------------------------------ Register Now for Creativity and Technology (CaT), June 3rd, NYC. CaT is a gathering of tech-side developers & brand creativity professionals. Meet the minds behind Google Creative Lab, Visual Complexity, Processing, & iPhoneDevCamp as they present alongside digital heavyweights like Barbarian Group, R/GA, & Big Spaceship. http://p.sf.net/sfu/creativitycat-com _______________________________________________ W3af-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/w3af-users
