I believe the answer is in the authentication part of the docs [0], most likely in [1].

Regarding 2FA, the way I would do it is to authenticate using a browser, then get the cookie and set it in w3af as explained in [1].

[0] http://docs.w3af.org/en/latest/authentication.html
[1] http://docs.w3af.org/en/latest/authentication.html#setting-http-cookie

On Thu, Sep 1, 2016 at 9:16 PM, Vimal SRINIVASAN <onlivi...@gmail.com> wrote:
> Nice point highlighted by Blaharski. I am curious what if the SSO has 2FA.
>
> Regards,
> Vimal.
>
> On Sep 1, 2016 11:11 PM, "Blaharski, Jared" <jared.blahar...@covisint.com>
> wrote:
>>
>> To Whom It May Concern:
>>
>> The website that we would like to scan has an SSO system and an HTTP
>> redirect. Will your software have any trouble with handling that when doing
>> the crawl through the website?
>>
>> ------------------------------------------------------------------------------
>> _______________________________________________
>> W3af-users mailing list
>> W3af-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/w3af-users

--
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
Twitter: @w3af
GPG: 0x93C344F3
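
Added example, not part of the original thread and not w3af code: a small Python helper that turns a Cookie header copied from the browser's developer tools after the SSO/2FA login into a cookie jar file for the setting described in [1]. It assumes the jar is expected in Netscape/Mozilla cookies.txt format (confirm against [1]); the function name, host name and cookie values are constructed for illustration.

```python
import os
import time
from http.cookiejar import Cookie, MozillaCookieJar


def cookie_header_to_jar(cookie_header, domain, jar_path, secure=True, ttl=3600):
    """Write the name=value pairs of a browser Cookie header to jar_path.

    Returns the sorted cookie names that were written.
    """
    jar = MozillaCookieJar(jar_path)
    # Give every cookie an explicit expiry: session cookies have none, and an
    # empty expiry column is rejected by some cookies.txt parsers.
    expires = int(time.time()) + ttl
    dotted = domain.startswith(".")
    for pair in cookie_header.split(";"):
        name, sep, value = pair.strip().partition("=")
        if not sep or not name:
            continue  # skip empty or malformed fragments
        jar.set_cookie(Cookie(
            version=0, name=name, value=value,
            port=None, port_specified=False,
            domain=domain, domain_specified=dotted, domain_initial_dot=dotted,
            path="/", path_specified=True,
            secure=secure, expires=expires, discard=False,
            comment=None, comment_url=None, rest={},
        ))
    jar.save(ignore_discard=True, ignore_expires=True)
    # The file holds a live, already-2FA-authenticated session: owner-only access.
    os.chmod(jar_path, 0o600)
    return sorted(c.name for c in jar)


if __name__ == "__main__":
    # Constructed sample header; paste the real one from the browser instead.
    header = "SESSIONID=abc123; sso_token=dG9rZW4="
    print(cookie_header_to_jar(header, "app.example.test", "w3af-cookies.txt"))
```

The session in the jar expires on the server's schedule, not the scanner's, so a long scan may need the file regenerated; delete it once the scan is finished.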