Token in url

Ahobdy's Avatar

Ahobdy

08 Feb, 2019 05:29 PM

I am trying to use automate Arachni to perform authenticated scans against an application. Once authenticated , the application provides a token that is appended to the base url for all subsequent pages (i.e. If token is abc123, authenticated pages could be found at http://host.com/;stok=abc123/something).

I have successfully gotten the login_script to login and have verified that by printing the http response to the post, but Arachni is only scanning the pages that are accessible when unauthenticated. Does Arachni support this behavior?

Reply to this discussion

Internal reply

Formatting help / Preview (switch to plain text) No formatting (switch to Markdown)

Attaching KB article:

»

Attached Files

You can attach files up to 10MB

If you don't have an account yet, we need to confirm you're human and not a machine trying to post spam.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac