Sourav,
On Tue, Aug 21, 2012 at 5:18 PM, Sourav Bhattacharya <[email protected]> wrote:
> Hi Andres:
>
> How/where are the auth plugins (within w3af)?
>
Just below the audit plugins in the GTK UI treeview that you use to
enable/disable plugins. Make sure you've got the latest w3af version.
>
> Also, I should have clarified last email, it is https. Will the plugins be
> able to pass the https login screen?
>
Yes, https shouldn't be an issue.
>
> Thank you.
> Sam
>
> --- On *Tue, 8/21/12, Andres Riancho <[email protected]>* wrote:
>
>
> From: Andres Riancho <[email protected]>
> Subject: Re: [W3af-users] Question re: Login bypass for Web PT
> To: "Sourav Bhattacharya" <[email protected]>
> Cc: [email protected]
> Date: Tuesday, August 21, 2012, 1:06 PM
>
>
> Sourav,
>
> On Tue, Aug 21, 2012 at 5:00 PM, Sourav Bhattacharya <[email protected]> wrote:
>
> Hi:
>
> I am trying to use w3af for a web app to Pen Test, run usual OWASP and
> other popular attacks.
>
> The Web app landing page has a login screen, and to make the plugins pass
> the login page successfully I tried to provide the username and password
> with the (w3af GUI option) Configuration, Configure HTTP Settings, Basic
> HTTP Authentication options.
>
>
> Does it use HTTP Basic authentication? If you see a nice form, which is
> defined with HTML then the answer is no. You should use the auth plugins
> for that.
>
>
>
> But, it does not seem to work. Every time I do the scan, w3af seems stuck
> at the login page, the scan ends very rapidly and essentially is not
> reaching internal (post login screen) pages.
>
> Any tips would be greatly appreciated.
>
> Regards,
> Sam
>
>
> _______________________________________________
> W3af-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/w3af-users
>
>
>
>
> --
> Andrés Riancho
> Project Leader at w3af - http://w3af.org/
> Web Application Attack and Audit Framework
> Twitter: @w3af
> GPG: 0x93C344F3
>
>
--
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
Twitter: @w3af
GPG: 0x93C344F3
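
The distinction drawn in the reply above (HTTP Basic authentication versus a login form defined in HTML), as an added example that is not part of the original thread and is not w3af code. The names `classify_login`, `BASIC_RESPONSE` and `FORM_RESPONSE` are hypothetical and the sample responses are constructed; a "basic" result corresponds to the Basic HTTP Authentication settings, a "form" result to the auth plugins.

```python
import re
from html.parser import HTMLParser


class _LoginFormFinder(HTMLParser):
    """Collect every <form> that contains an <input type="password">."""

    def __init__(self):
        super().__init__()
        self.forms = []       # finished forms that have a password field
        self._current = None  # form currently being parsed, or None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._current = {"action": a.get("action", ""),
                             "method": (a.get("method") or "get").lower(),
                             "fields": [], "has_password": False}
        elif tag == "input" and self._current is not None:
            if a.get("name"):
                self._current["fields"].append(a["name"])
            if (a.get("type") or "").lower() == "password":
                self._current["has_password"] = True

    def handle_endtag(self, tag):
        if tag == "form" and self._current is not None:
            if self._current.pop("has_password"):
                self.forms.append(self._current)
            self._current = None


def classify_login(status, headers, body):
    """Return ("basic", realm), ("form", form_dict) or ("none", None)."""
    challenge = {k.lower(): v for k, v in headers.items()}.get("www-authenticate", "")
    if status == 401 and challenge.lower().startswith("basic"):
        m = re.search(r'realm="([^"]*)"', challenge)
        return "basic", m.group(1) if m else None
    finder = _LoginFormFinder()
    finder.feed(body)
    if finder.forms:
        return "form", finder.forms[0]
    return "none", None


# Constructed sample responses (not captured from any real site).
BASIC_RESPONSE = (401, {"WWW-Authenticate": 'Basic realm="intranet"'}, "")
FORM_RESPONSE = (200, {"Content-Type": "text/html"}, """
<html><body><form action="/login" method="POST">
<input type="text" name="user"><input type="password" name="pass">
<input type="submit" value="Log in"></form></body></html>""")
```

The field names returned for a "form" result are the values an auth plugin needs for its username and password parameters.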