There is not much to say... you should capture the HTTP traffic,
understand what w3af is sending, understand what the application
expects, and make them match.

On Fri, Dec 6, 2013 at 1:46 AM, prakash jayabalan <prakashj...@gmail.com> wrote:
> Sorry Riancho. It was a typo. There is no space before and after the
> passwordInput. Please lemme know in case you need further info for analysis.
> The correct POST body is given below:
>
> j_username=Administrator&j_password=172.16.X.X%3BDragon@1234&mxnego_auto_login=disabled&usernameInput=Administrator&passwordInput=Dragon@1234&domainInput=
>
> Thanks.
>
>
> On Thu, Dec 5, 2013 at 9:48 PM, Andres Riancho <andres.rian...@gmail.com>
> wrote:
>>
>> On Thu, Dec 5, 2013 at 12:15 PM, prakash jayabalan
>> <prakashj...@gmail.com> wrote:
>> > Hi All,
>> >
>> > I am new to W3AF. Can someone help me with the authenticated scans
>> > please? I
>> > am unable to scan past the authentication page.
>> >
>> > I selected the Generic Auth plugin and gave the following values for the
>> > POST request mentioned at the end. Kindly let me know if I am wrong.
>> >
>> >
>> > Username: Administrator
>> >
>> > Password: Dragon@1234
>> >
>> > Username_field: usernameInput
>> >
>> > Password_field: passwordInput
>> >
>> > Auth_url: https://local_host:port/
>> >
>> > Check_url: https://local_host:port/j_security_check
>> >
>> > Check_string: Administrator
>> >
>> >
>> > POST https://local_host:port/j_security_check HTTP/1.1
>> >
>> > Host: local_host:port
>> >
>> > User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:25.0) Gecko/20100101
>> > Firefox/25.0 Paros/3.2.13
>> >
>> > Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
>> >
>> > Accept-Language: en-US,en;q=0.5
>> >
>> > Referer: https:// local_host:port /
>> >
>> > Cookie: JSESSIONID=xxxxxxxxxxxxxxxxxxxxxxxxxx;
>> > mx-time-zone=Asia/Calcutta
>> >
>> > Connection: keep-alive
>> >
>> > Content-Type: application/x-www-form-urlencoded
>> >
>> > Content-Length: 158
>> >
>> >
>> >
>> > j_username=Administrator&j_password=172.16.X.X%3BDragon@1234&mxnego_auto_login=disabled&usernameInput=Administrator&passwordInput=
>> > Dragon @1234&domainInput=
>>
>> Is there a space before and after Dragon?
>>
>> >
>> > Thanks in advance. Your help/suggestion is very much appreciated.
>> >
>> > Prakash
>> >
>> >
>> >
>> >
>> > _______________________________________________
>> > W3af-users mailing list
>> > W3af-users@lists.sourceforge.net
>> > https://lists.sourceforge.net/lists/listinfo/w3af-users
>> >
>>
>>
>>
>> --
>> Andrés Riancho
>> Project Leader at w3af - http://w3af.org/
>> Web Application Attack and Audit Framework
>> Twitter: @w3af
>> GPG: 0x93C344F3
>
>



-- 
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
Twitter: @w3af
GPG: 0x93C344F3
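
One way to do the comparison suggested at the top of this message, as an added example that is not part of the original thread and not w3af code. It assumes, as a simplified model, that a form-auth plugin POSTs only the two configured fields to Auth_url; the helper names are hypothetical, and the body, URLs and settings are the ones posted in the thread.

```python
from urllib.parse import parse_qsl, urlencode

# Login request captured in the proxy (corrected body from the thread).
CAPTURED_URL = "https://local_host:port/j_security_check"
CAPTURED_BODY = (
    "j_username=Administrator&j_password=172.16.X.X%3BDragon@1234"
    "&mxnego_auto_login=disabled&usernameInput=Administrator"
    "&passwordInput=Dragon@1234&domainInput="
)

# Plugin settings as posted in the thread.
CONFIG = {
    "username": "Administrator",
    "password": "Dragon@1234",
    "username_field": "usernameInput",
    "password_field": "passwordInput",
    "auth_url": "https://local_host:port/",
}


def decode_form(body):
    """Decode an application/x-www-form-urlencoded body into a dict."""
    return dict(parse_qsl(body, keep_blank_values=True))


def scanner_body(cfg):
    """Assumed model: the scanner sends only the two configured fields."""
    return urlencode({
        cfg["username_field"]: cfg["username"],
        cfg["password_field"]: cfg["password"],
    })


def diff_login(captured_url, captured_body, cfg):
    """Report where the scanner's login differs from the browser's."""
    expected = decode_form(captured_body)
    sent = decode_form(scanner_body(cfg))
    return {
        "url_mismatch": cfg["auth_url"] != captured_url,
        "missing": sorted(set(expected) - set(sent)),
        "different": sorted(k for k in sent
                            if k in expected and sent[k] != expected[k]),
        "unexpected": sorted(set(sent) - set(expected)),
    }


if __name__ == "__main__":
    for key, value in diff_login(CAPTURED_URL, CAPTURED_BODY, CONFIG).items():
        print(f"{key}: {value}")
    print("j_password decodes to:", decode_form(CAPTURED_BODY)["j_password"])
```
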
