Hello,

Recently, I started exploring the REST API of w3af and stumbled upon a few things which I couldn't understand, and thought of seeking your advice.

From the documentation, it's understood that the following format is used to initiate a scan:

    {
      "target_urls": ["http://127.0.0.1:8000/audit/sql_injection/"],
      "scan_profile": "[grep.strange_headers]\n\n[crawl.web_spider]\nonly_forward = False\nfollow_regex = .*\nignore_regex = \n\n"
    }

w3af features different profiles, which are located under https://github.com/andresriancho/w3af/tree/master/profiles

Let's say I want to use the OWASP TOP 10 profile for an authenticated scan using the REST API /scan endpoint: what should the format in the profile be for form-based authentication? I have checked the useful auth plugins but don't understand how to use these plugins inside a profile.

For example, in the OWASP TOP 10 profile, I can see that under the HTTP settings there are options for basic authentication:

    [http-settings]
    proxy_port = 8080
    url_parameter =
    never_404 =
    headers_file =
    proxy_address =
    basic_auth_domain =
    always_404 =
    max_http_retries = 2
    ntlm_auth_user =
    ntlm_auth_passwd =
    ignore_session_cookies = False
    timeout = 0
    user_agent = w3af.org
    basic_auth_user =
    basic_auth_passwd =

My question is: how do I use form-based credentials/options in this profile?

I would be really grateful if someone could answer this question for me with the help of an example or the required format to perform this type of authenticated scan via the REST API endpoint. Please provide an example format so that I can understand it clearly.

Regards,
Snehil Khare

_______________________________________________
W3af-users mailing list
W3af-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-users
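Added example, not part of the original message and not w3af project code: one way to build the request body described above, by appending a form-authentication plugin section to a profile's text and serialising the result into the "scan_profile" string. The section name `auth.generic` and its option names are assumptions based on w3af's generic auth plugin and should be checked against the installed version; the helper names, profile excerpt, URLs and credentials are constructed.

```python
import json

# Constructed sample profile, trimmed, in the layout the message quotes.
BASE_PROFILE = """[grep.strange_headers]

[crawl.web_spider]
only_forward = False
follow_regex = .*
ignore_regex =

[http-settings]
timeout = 0
user_agent = w3af.org
"""

# ASSUMPTION: option names as exposed by w3af's "generic" auth plugin; verify
# them against your w3af version. All values are constructed placeholders.
FORM_AUTH = {
    "username": "scanuser",
    "password": "CHANGE_ME",
    "username_field": "user",
    "password_field": "pass",
    "auth_url": "http://127.0.0.1:8000/login/",
    "check_url": "http://127.0.0.1:8000/account/",
    "check_string": "Logout",
}

def plugin_section(name, options):
    """Render "[name]" plus one "key = value" line per option."""
    lines = ["[%s]" % name]
    for key, value in options.items():
        text = str(value)
        # A line break in a value would add extra lines or sections to the profile.
        if "\n" in text or "\r" in text:
            raise ValueError("line break in option %r" % key)
        lines.append("%s = %s" % (key, text))
    return "\n".join(lines) + "\n"

def build_scan_request(target_urls, profile_text, auth_options, plugin="auth.generic"):
    """Return the JSON body: profile text with the auth section appended."""
    if "[%s]" % plugin in profile_text:
        raise ValueError("profile already has a [%s] section" % plugin)
    profile = profile_text.rstrip("\n") + "\n\n" + plugin_section(plugin, auth_options) + "\n"
    return json.dumps({"target_urls": list(target_urls), "scan_profile": profile})

if __name__ == "__main__":
    print(build_scan_request(["http://127.0.0.1:8000/audit/sql_injection/"], BASE_PROFILE, FORM_AUTH))
```

The password travels in clear text inside the JSON body, so the REST API should only be reached over a trusted channel.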