I believe the answer is in the authentication part of docs [0], most likely in [1].
Regarding 2FA, the way I would do it is to authenticate using a browser, then get the cookie and set it in w3af as explained in [1].

[0] http://docs.w3af.org/en/latest/authentication.html
[1] http://docs.w3af.org/en/latest/authentication.html#setting-http-cookie

On Thu, Sep 1, 2016 at 9:16 PM, Vimal SRINIVASAN <[email protected]> wrote:
> Nice point highlighted by Blaharski. I am curious what if the SSO has 2FA.
>
> Regards,
> Vimal.
>
> On Sep 1, 2016 11:11 PM, "Blaharski, Jared" <[email protected]> wrote:
>>
>> To Whom It May Concern:
>>
>> The website that we would like to scan has an SSO system and an HTTP
>> redirect. Will your software have any trouble with handling that when doing
>> the crawl through the website?
>>
>> ------------------------------------------------------------------------------
>> _______________________________________________
>> W3af-users mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/w3af-users

--
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
Twitter: @w3af
GPG: 0x93C344F3
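
The browser-then-cookie approach from the reply above, as an added example that is not part of the original thread or of w3af's own code: it turns a `Cookie:` header value copied from an authenticated browser session into a cookie jar file readable only by its owner. It assumes the scanner reads a tab-separated Netscape-format jar, which is the format the section linked as [1] is taken to describe; the cookie names, values and the domain `app.example.test` are constructed.

```python
import os
import time
from http.cookiejar import Cookie, MozillaCookieJar
from http.cookies import SimpleCookie


def write_cookie_jar(cookie_header, domain, jar_path, ttl=3600, secure=True):
    """Convert a browser 'Cookie:' header value into a Netscape cookie jar."""
    parsed = SimpleCookie()
    parsed.load(cookie_header)
    if not parsed:
        raise ValueError("no cookies found in header value")

    # Create the file as 0600 before writing: it holds a live SSO/2FA session.
    fd = os.open(jar_path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    os.close(fd)

    jar = MozillaCookieJar(jar_path)
    # Explicit expiry (assumed session lifetime) so loaders that drop
    # session-only cookies still keep these entries.
    expires = int(time.time()) + ttl
    for name, morsel in parsed.items():
        jar.set_cookie(Cookie(
            version=0, name=name, value=morsel.value,
            port=None, port_specified=False,
            domain=domain, domain_specified=True,
            domain_initial_dot=domain.startswith("."),
            path="/", path_specified=True,
            secure=secure, expires=expires, discard=False,
            comment=None, comment_url=None, rest={},
        ))
    jar.save()
    os.chmod(jar_path, 0o600)  # also tighten a pre-existing file
    return jar_path


def read_cookie_jar(jar_path):
    """Reload the jar to confirm it parses; returns {name: value}."""
    jar = MozillaCookieJar(jar_path)
    jar.load()
    return {c.name: c.value for c in jar}


if __name__ == "__main__":
    # Constructed header value, as copied from the browser's developer tools.
    path = write_cookie_jar("JSESSIONID=abc123; SSO_TOKEN=xyz789",
                            "app.example.test", "cookie-jar.txt")
    print(read_cookie_jar(path))
```

Delete the jar file once the scan is finished, since anyone who can read it can reuse the authenticated session until it expires.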
