Re: [W3af-users] Question re: Login bypass for Web PT

Tue, 21 Aug 2012 13:08:26 -0700 

Sourav,

On Tue, Aug 21, 2012 at 5:00 PM, Sourav Bhattacharya <sourav...@yahoo.com>wrote:

> Hi:
>
> I am trying to use w3af for an web app to Pen Test, run usual OWASP and
> other popular attacks.
>
> The Web app landing page has a login screen, and to make the plugins pass
> the login page successfully I tried to provide the username and password
> with the (w3af GUI option) Configuration, Configure HTTP Settings, Basic
> HTTP Authentication options.
>

Does it use HTTP Basic authentication? If you see a nice form, which is
defined with HTML then the answer is no. You should use the auth plugins
for that.


>
> But, it does not seem to work. Everytime I do the scan, w3af seems stuck
> at the login page, the scan ends very rapidly and essentially is not
> reaching internal (post login screen) pages.
>
> Any tips would be greatly appreciated.
>
> Regards,
> Sam
>
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> W3af-users mailing list
> W3af-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/w3af-users
>
>


-- 
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
Twitter: @w3af
GPG: 0x93C344F3

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
W3af-users mailing list
W3af-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-users

Reply via email to