Re: [W3af-users] Need help with Authenticated scans in W3AF

Thu, 05 Dec 2013 20:48:51 -0800 

Sorry Riancho. It was a typo. There is no space before and after the
passwordInput. Please lemme know in case you need further info for
analysis. The correct POST body is given below:

j_username=Administrator&j_password=172.16.X.X%3BDragon@
1234&mxnego_auto_login=disabled&usernameInput=
Administrator&passwordInput=Dragon@1234&domainInput=

Thanks.


On Thu, Dec 5, 2013 at 9:48 PM, Andres Riancho <andres.rian...@gmail.com>wrote:

> On Thu, Dec 5, 2013 at 12:15 PM, prakash jayabalan
> <prakashj...@gmail.com> wrote:
> > Hi All,
> >
> > I am new to W3AF. Can someone help me with the authenticated scans
> please? I
> > am unable to scan past the authentication page.
> >
> > I selected the Generic Auth plugin and gave the following values for the
> > POST request mentioned at the end. Kindly let me know if am wrong.
> >
> >
> > Username: Administrator
> >
> > Password: Dragon@1234
> >
> > Username_field: usernameInput
> >
> > Password_field: passwordInput
> >
> > Auth_url: https://local_host:port/
> >
> > Check_url: https://local_host:port/j_security_check
> >
> > Check_string: Administrator
> >
> >
> > POST https://local_host:port/j_security_check HTTP/1.1
> >
> > Host: local_host:port
> >
> > User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:25.0) Gecko/20100101
> > Firefox/25.0 Paros/3.2.13
> >
> > Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
> >
> > Accept-Language: en-US,en;q=0.5
> >
> > Referer: https:// local_host:port /
> >
> > Cookie: JSESSIONID=xxxxxxxxxxxxxxxxxxxxxxxxxx; mx-time-zone=Asia/Calcutta
> >
> > Connection: keep-alive
> >
> > Content-Type: application/x-www-form-urlencoded
> >
> > Content-Length: 158
> >
> >
> > j_username=Administrator&j_password=172.16.X.X%3BDragon@1234
> &mxnego_auto_login=disabled&usernameInput=Administrator&passwordInput=
> > Dragon @1234&domainInput=
>
> Is there a space before and after Dragon?
>
> >
> > Thanks in advance. Your help/suggestion is very much appreciated.
> >
> > Prakash
> >
> >
> >
> >
> ------------------------------------------------------------------------------
> > Sponsored by Intel(R) XDK
> > Develop, test and display web and hybrid apps with a single code base.
> > Download it for free now!
> >
> http://pubads.g.doubleclick.net/gampad/clk?id=111408631&iu=/4140/ostg.clktrk
> > _______________________________________________
> > W3af-users mailing list
> > W3af-users@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/w3af-users
> >
>
>
>
> --
> Andrés Riancho
> Project Leader at w3af - http://w3af.org/
> Web Application Attack and Audit Framework
> Twitter: @w3af
> GPG: 0x93C344F3
>

------------------------------------------------------------------------------
Sponsored by Intel(R) XDK 
Develop, test and display web and hybrid apps with a single code base.
Download it for free now!
http://pubads.g.doubleclick.net/gampad/clk?id=111408631&iu=/4140/ostg.clktrk
_______________________________________________
W3af-users mailing list
W3af-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-users

Reply via email to