Hi Andres:

How/where are the auth plugins (within w3af)?

Also, I should have clarified in my last email: it is https. Will the plugins be able 
to pass the https login screen?

Thank you.
Sam

--- On Tue, 8/21/12, Andres Riancho <[email protected]> wrote:

From: Andres Riancho <[email protected]>
Subject: Re: [W3af-users] Question re: Login bypass for Web PT
To: "Sourav Bhattacharya" <[email protected]>
Cc: [email protected]
Date: Tuesday, August 21, 2012, 1:06 PM

Sourav,

On Tue, Aug 21, 2012 at 5:00 PM, Sourav Bhattacharya <[email protected]> 
wrote:


Hi:

I am trying to use w3af for a web app to Pen Test, run usual OWASP and other 
popular attacks. 

The Web app landing page has a login screen, and to make the plugins pass the 
login page successfully I tried to provide the username and password with the 
(w3af GUI option) Configuration, Configure HTTP Settings, Basic HTTP 
Authentication options. 



Does it use HTTP Basic authentication? If you see a nice form, which is defined 
with HTML, then the answer is no. You should use the auth plugins for that.
 


But, it does not seem to work. Every time I do the scan, w3af seems stuck at the 
login page, the scan ends very rapidly and essentially is not reaching internal 
(post login screen) pages.



Any tips would be greatly appreciated.

Regards,
Sam

_______________________________________________

W3af-users mailing list

[email protected]

https://lists.sourceforge.net/lists/listinfo/w3af-users





-- 
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
Twitter: @w3af


GPG: 0x93C344F3
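
The distinction drawn in the reply above (HTTP Basic authentication versus a login form defined in HTML) can be checked from the login page's response. This is an added example, not part of the original thread and not w3af code; the function and class names are hypothetical and the sample responses are constructed.

```python
from html.parser import HTMLParser

class _PasswordFormFinder(HTMLParser):
    """Records every <form> that contains an <input type="password">."""
    def __init__(self):
        super().__init__()
        self._current = None   # attributes of the form being parsed, if any
        self.login_forms = []  # (action, method) of forms with a password field

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._current = a
        elif (tag == "input" and self._current is not None
              and (a.get("type") or "").lower() == "password"):
            form = (self._current.get("action") or "",
                    (self._current.get("method") or "get").lower())
            if form not in self.login_forms:
                self.login_forms.append(form)

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None

def classify_login(status, headers, body):
    """Return 'basic', 'form' or 'unknown' for a login page response."""
    challenge = ""
    for name, value in headers.items():
        if name.lower() == "www-authenticate":  # header names are case-insensitive
            challenge = value
    # HTTP Basic: the server answers 401 and challenges with the Basic scheme.
    if status == 401 and challenge.lower().startswith("basic"):
        return "basic"
    # Form login: an ordinary HTML page carrying a form with a password field.
    finder = _PasswordFormFinder()
    finder.feed(body)
    return "form" if finder.login_forms else "unknown"

# Constructed sample responses (status, headers, body), not captured traffic.
BASIC = (401, {"WWW-Authenticate": 'Basic realm="intranet"'}, "<h1>Unauthorized</h1>")
FORM = (200, {"Content-Type": "text/html"},
        '<form action="/login" method="POST">'
        '<input name="user"><input type="password" name="pass"></form>')

if __name__ == "__main__":
    for label, resp in (("basic sample", BASIC), ("form sample", FORM)):
        print(label, "->", classify_login(*resp))
```

A result of "form" means Basic HTTP Authentication settings will have no effect on that page, because the credentials must be submitted through the form itself.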

