Houcem,

On Tue, May 3, 2011 at 7:47 AM, Houcem HACHICHA
<[email protected]> wrote:
> Hello everyone,
> I'm running w3af against the DVWA [1].
> As you probably know, DVWA requires the user to log in before browsing the
> vulnerable web application.
> Is there a way to specify these credentials to w3af by setting session
> cookies or post data?

    http://sourceforge.net/apps/trac/w3af/wiki/perform-authenticated-scan-howto

> And in case I crawl the application manually and authenticate with
> SpiderMan, will w3af be authenticated when performing automated crawling?

    Yes, it should continue using the session that you provided it
during the manual crawling phase. Make sure you blacklist the logout
link in webspider.

> Finally, are the requests/responses made by plugins saved somewhere in the
> system by w3af?

    It depends on what you're using, but if you use the console UI,
just enable the textFile plugin and set the correct text file where
all HTTP requests and responses are saved to.

> Thanks in advance,
> [1] http://www.dvwa.co.uk/
>
> --
> Regards,
> Houcem
>
> _______________________________________________
> W3af-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/w3af-users
>
>



-- 
Andrés Riancho
Director of Web Security at Rapid7 LLC
Founder at Bonsai Information Security
Project Leader at w3af
