Hello,
I am trying to run, using the console and GUI versions of w3af, an
automated test against DVWA version DVWA-1.0.8.
The script is below.
# -----------------------------------------------------------------------------------------------------------
#Configure HTTP settings
http-settings
set timeout 30
back
#Configure scanner global behaviors
plugins
#Configure entry point (CRAWLING) scanner
crawl web_spider
crawl config web_spider
set only_forward False
set ignore_regex (?i)(logout|disconnect|signout|exit)+
back
#Configure vulnerability scanners
##Specify list of AUDIT plugins type to use
audit blind_sqli,sqli,xss
##Customize behavior of each audit plugin when needed
##Specify list of GREP plugins type to use (grep plugin is a type of plugin
##that can also find vulnerabilities or information disclosure)
##Specify list of INFRASTRUCTURE plugins type to use (infrastructure plugin
##is a type of plugin that can find information disclosure)
#Configure target authentication
auth detailed
auth config detailed
set username admin
set password password
set method POST
set auth_url http://localhost/dvwa/login.php
set username_field username
set password_field password
set check_url http://localhost/dvwa/index.php
set check_string 'admin'
set data_format username=%U&password=%P&Login=Login
back
#Configure reporting in order to generate an HTML report
output console, html_file
output config html_file
set output_file /tmp/W3afrpt.html
set verbose True
back
output config console
set verbose False
back
back
#Set target information, do a cleanup and run the scan
target
set target http://localhost/dvwa
set target_os unix
set target_framework php
back
cleanup
start
Observed the following:
Can't log in to the web application as admin/password
My OS : Kali
Please guide.
--
Regards,
-S-