I might be wrong now, but can't you just capture the session cookie with the proxy and in some way add it as an additional header? I haven't tried it myself, but right now when I look at the GUI there is an option in "Configure HTTP settings"->headersFile. Perhaps you will also have to check the "ignoreSessCookies"-checkbox.
That is what I would have tried in any case. Good Luck!

/ Alex

2009/6/1 Dunsirn, Alyssa <[email protected]>:
> I've just started using w3af and have been very successful scanning as an
> unauthenticated user. I'd like to scan as an authenticated user and outside
> of using spiderman, don't see how I can do this. We use SiteMinder to
> protect our applications and use forms authentication. Is there a way I can
> authenticate to the website and then start the scan? Any help would be
> appreciated....even if it's just pointing me in the direction of
> documentation that I'm missing.
>
> Alyssa
>
> Alyssa Dunsirn
> Software Security Consultant
> Great Lakes Educational Loan Services
> 608-246-1427
>
> _______________________________________________
> W3af-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/w3af-users
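
The suggestion in the reply above, worked through as an added example that is not part of the original thread or of w3af itself: pull the Cookie header out of a request captured in the proxy after logging in, and write it to a file that headersFile can point at. It assumes the headers file takes one "Name: value" line per header; the request, the SMSESSION value and the function names are constructed for illustration.

```python
import os
import tempfile

# Constructed sample: a request as it might be copied out of an intercepting
# proxy after logging in. Host, cookie name and value are made up.
CAPTURED_REQUEST = (
    "GET /app/home HTTP/1.1\r\n"
    "Host: app.example.test\r\n"
    "User-Agent: Mozilla/5.0\r\n"
    "Cookie: SMSESSION=EXAMPLEvalue123; lang=en\r\n"
    "\r\n"
)


def extract_cookie_header(raw_request):
    """Return the Cookie header value from a raw HTTP request, or None."""
    # Only look at the header section, never at a request body.
    head = raw_request.replace("\r\n", "\n").split("\n\n", 1)[0]
    for line in head.split("\n")[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "cookie":
            return value.strip()
    return None


def write_headers_file(path, cookie_value):
    """Write one 'Cookie: value' line (assumed headers-file format)."""
    # A stray CR or LF would smuggle a second header into the file.
    if not cookie_value or any(c in cookie_value for c in "\r\n"):
        raise ValueError("cookie value is empty or contains a line break")
    # The file holds a live session credential: owner read/write only.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write("Cookie: %s\n" % cookie_value)
    os.chmod(path, 0o600)  # also tighten a file that already existed
    return path


def build_headers_file(raw_request, path):
    """Extract the session cookie and write the headers file at path."""
    cookie = extract_cookie_header(raw_request)
    if cookie is None:
        raise ValueError("no Cookie header in the captured request")
    return write_headers_file(path, cookie)


if __name__ == "__main__":
    out = os.path.join(tempfile.mkdtemp(), "headers.txt")
    with open(build_headers_file(CAPTURED_REQUEST, out)) as fh:
        print(fh.read(), end="")
```

The written file is only useful while the captured session is still valid, and it should be deleted once the scan is done.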
