Ruel, On Thu, Feb 24, 2011 at 8:29 PM, Ruel Loehr <[email protected]> wrote: > The application which I am attempting to test has a login page. Once the > user is logged in, they receive a session id and are forwarded to another > struts action. The second struts action pulls the session for the request > and checks its validity. > > > > I'm attempting to use the spiderman plugin, but it appears that the a > different session is being used when I'm forwarded to my second action. > > > > Has anyone ever experienced this?
No, not me. > Are there any configurations I might be > missing? I haven't found anything yet by viewing the docs or mail > archives. Have you read the HOWTO about performing an authenticated scan [0] ? While I think that you've got it covered and this sounds more like a w3af bug, please read the HOWTO and try again. If its still not working, would it be possible for us to get our hands on that web application, or the recorded HTTP requests of w3af failing to login AND a browser succeeding? [0] http://sourceforge.net/apps/trac/w3af/wiki/perform-authenticated-scan-howto > > ------------------------------------------------------------------------------ > Free Software Download: Index, Search & Analyze Logs and other IT data in > Real-Time with Splunk. Collect, index and harness all the fast moving IT > data > generated by your applications, servers and devices whether physical, > virtual > or in the cloud. Deliver compliance at lower cost and gain new business > insights. http://p.sf.net/sfu/splunk-dev2dev > _______________________________________________ > W3af-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/w3af-users > > -- Andrés Riancho Director of Web Security at Rapid7 LLC Founder at Bonsai Information Security Project Leader at w3af ------------------------------------------------------------------------------ Free Software Download: Index, Search & Analyze Logs and other IT data in Real-Time with Splunk. Collect, index and harness all the fast moving IT data generated by your applications, servers and devices whether physical, virtual or in the cloud. Deliver compliance at lower cost and gain new business insights. http://p.sf.net/sfu/splunk-dev2dev _______________________________________________ W3af-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/w3af-users
