Tom,

Regarding certificate-based client authentication for webapp pentests, especially using Java-based proxies, check:
http://blog.taddong.com/2010/04/certificate-based-client-authentication.html

You can change the w3af User-Agent string from the "Configuration - HTTP Config - Misc" menu, or through a w3af configuration script in the command line version, using the "set userAgent USERAGENT" option.

Cheers,
----
Raul Siles
Founder & Senior Security Analyst
Taddong
[email protected] | +34-639109172 | www.taddong.com
Twitter: www.twitter.com/taddong

On Tue, Jun 1, 2010 at 9:44 AM, Tom Ueltschi <[email protected]> wrote:
> hi all,
>
> can you scan a webapp that requires a client certificate for authentication
> with w3af? (or do you know other tools that can do this?)
>
> can you change the user-agent string to anything else (not w3af like) ?
>
> thanks and cheers,
> tom
>
> _______________________________________________
> W3af-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/w3af-users
