Hello!!
I am setting w3af for formAuthBrute but not working. The form only has a
password box and w3af detects it... but doesn't the brute force attack: The
configuration of formAuthBrute is default and the output is this:
The page language is: en
Starting formAuthBrute plugin execution.
http://192.168.100.10/index.php detected a form with a password field and no
username field.
http://192.168.100.10/index.php detected a form with a password field and no
username field.
Found 1 URLs and 2 different points of injection.
The list of URLs is:
- http://192.168.100.10/index.php
The list of fuzzable requests is:
- http://192.168.100.10/index.php | Method: GET
- http://192.168.100.10/index.php | Method: GET | Parameters: (password="")
Password profiling TOP 100:
- [1] enable with 1 repetitions.
- [2] JavaScript with 1 repetitions.
- [3] turned with 1 repetitions.
- [4] auth with 1 repetitions.
- [5] Your with 1 repetitions.
- [6] enter with 1 repetitions.
- [7] your with 1 repetitions.
Finished scanning process.
Thanks for help!
--
- Null
------------------------------------------------------------------------------
SOLARIS 10 is the OS for Data Centers - provides features such as DTrace,
Predictive Self Healing and Award Winning ZFS. Get Solaris 10 NOW
http://p.sf.net/sfu/solaris-dev2dev
_______________________________________________
W3af-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/w3af-users
