Mixed Content Insecure HTTP URLs Missed During Scanning
In a nutshell, your scanner works flawlessly on basic test sites, as in:
https://googlesamples.github.io/web-fundamentals/fundamentals/secur...
https://googlesamples.github.io/web-fundamentals/fundamentals/secur...
but when I had a dev intentionally add an HTTP link on an iframe that contains JavaScript referencing the non-secure link, the scanner did not detect it. Upon further investigation, I examined it using Firefox web dev tools (Network) and can see the domains that are involved until the spider reaches the URL that contains the insecure HTTP link, so I was thinking that since these domains are not within the scope, that could be causing the scanner to not pick up the vulnerable JavaScript page. I have attached some screenshots to give you a better understanding. Additionally, I created a custom profile and enabled:
dom_depth_limit: 3
directory_depth_limit: 3
checks:
- mixed_resource
no_fingerprinting: true
and kept the rest as the defaults. Thank you in advance.
- 5-24-2018_11-35-02_AM.png 35.9 KB
- 5-25-2018_2-08-38_PM.png 155 KB
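The situation described in the post above, as an added Python illustration (not Arachni code and not written by the original poster): an HTTPS page embeds an iframe on a host outside the scan scope, and the insecure script reference lives inside that frame. The hosts, the HTML and the names `audit_page` and `ResourceCollector` are constructed for this example; whether Arachni skips the frame for this reason is the poster's hypothesis, which the example models but does not confirm.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag -> attribute whose URL the browser fetches as a subresource.
LOADING_ATTRS = {"script": "src", "iframe": "src", "img": "src",
                 "audio": "src", "video": "src"}

class ResourceCollector(HTMLParser):
    """Collects (tag, raw URL) for every subresource reference in a page."""
    def __init__(self):
        super().__init__()
        self.resources = []

    def handle_starttag(self, tag, attrs):
        attr = LOADING_ATTRS.get(tag)
        value = dict(attrs).get(attr) if attr else None
        if value:
            self.resources.append((tag, value))

def audit_page(page_url, html, scope_hosts):
    """Return (mixed, unscanned_frames) for one HTTPS page.

    mixed: http:// subresources referenced directly by this page.
    unscanned_frames: https iframes on hosts outside scope_hosts; whatever
    they load is never inspected by a crawl that stays in scope.
    """
    collector = ResourceCollector()
    collector.feed(html)
    mixed, unscanned_frames = [], []
    for tag, raw in collector.resources:
        url = urljoin(page_url, raw)  # resolves relative and //host URLs
        parts = urlsplit(url)
        if parts.scheme == "http":
            mixed.append((tag, url))
        elif tag == "iframe" and parts.hostname not in scope_hosts:
            unscanned_frames.append(url)
    return mixed, unscanned_frames

# Constructed sample input: the parent page is clean, the framed page is not.
PAGE_URL = "https://app.example.test/dashboard"
PAGE_HTML = ('<script src="/static/app.js"></script>'
             '<iframe src="https://widgets.example.net/embed"></iframe>')
FRAME_URL = "https://widgets.example.net/embed"
FRAME_HTML = '<script src="http://cdn.example.net/widget.js"></script>'

if __name__ == "__main__":
    print(audit_page(PAGE_URL, PAGE_HTML, {"app.example.test"}))
    print(audit_page(FRAME_URL, FRAME_HTML,
                     {"app.example.test", "widgets.example.net"}))
```

With only the parent host in scope the first call reports no mixed content and one unscanned frame; adding the frame's host to the scope and auditing the frame URL surfaces the `http://` script.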
1 Posted by minddabizz on 29 May, 2018 07:30 PM
Could it be the captcha that is causing issues: