Hi,

I am doing some penetration testing on a web application. This application doesn't offer any great functions without actually logging in. I found some posts about authenticated scans from earlier times here on this list. So I use spider-man and I set the correct regex pattern for ignoring some parts of the application. I selected various combinations of plugins and I always end up with some w3af proxy traceback. I suppose that this is because of some aggressive test interfering with application logic. Unfortunately, I can't give you more specific info about the application.

I wonder if the following would be possible:

1. Scan just the structure of the application with spiderman and webspider, probably some little URL fuzzing but maybe not.
2. Export all found URLs.
3. Run w3af again with these URLs imported and a valid user session token (cookie) supplied.

Or is there any other thing that would help me? Like running tests in a strictly given order?

Thank you very much,
Vojta
_______________________________________________
W3af-users mailing list
W3af-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-users