HTTP-Authentication and Session-Check

sebastien.aucouturier

05 Jun, 2017 07:13 AM

Tasos,
Can they both be used? My first test shows that filling in a bad value in the session check does not impact the scan?

arachni --checks=- --http-authentication-username=admin --http-authentication-password="*****" --session-check-url=mywebsite/status --session-check-pattern="logged" mywebsite

In the end, I am looking for a tip (logs or output) to know that the user/password were used successfully in http-authentication.

  1. Support Staff 1 Posted by Tasos Laskos on 05 Jun, 2017 10:13 AM

    If you want to know whether or not HTTP auth was successful you can check the HTTP status codes of the pages as they're being crawled/audited; if the auth is not successful you'll probably get a 401 or 403.

    You could use the session check options and they theoretically should work, and you'll see a status message that says that the check failed.

  2. Tasos Laskos closed this discussion on 11 Jun, 2017 10:40 AM.
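
The status-code check described in the reply above, combined with the session-check pattern from the original command, as a standalone preflight to run before a scan. This is an added example, not part of the original thread and not Arachni code: `fetch`, `http_auth_preflight`, `start_demo_server`, the loopback server and its credentials are constructed for illustration. Treating a URL that answers without a 401 challenge as proving nothing about the credentials is an assumption of the example.

```ruby
require 'net/http'
require 'socket'

# One GET, optionally with HTTP Basic credentials.
def fetch(uri, user = nil, pass = nil)
  req = Net::HTTP::Get.new(uri)
  req.basic_auth(user, pass) if user
  Net::HTTP.start(uri.hostname, uri.port, use_ssl: uri.scheme == 'https') { |http| http.request(req) }
end

# Hypothetical preflight helper (not part of Arachni): compares an anonymous
# request with an authenticated one, then applies the session-check pattern.
def http_auth_preflight(url, user, pass, pattern)
  uri    = URI(url)
  anon   = fetch(uri)
  authed = fetch(uri, user, pass)
  return :auth_rejected   if %w[401 403].include?(authed.code)    # credentials refused
  return :not_protected   unless anon.code == '401'               # no challenge: a 200 proves nothing
  return :pattern_missing unless authed.body.to_s.match?(pattern) # session check would fail
  :ok
end

# Constructed loopback server standing in for the scan target; returns its port.
def start_demo_server(user, pass, protect: true)
  server   = TCPServer.new('127.0.0.1', 0)
  expected = 'Basic ' + ["#{user}:#{pass}"].pack('m0')
  Thread.new do
    loop do
      client  = server.accept
      headers = []
      while (line = client.gets) && line != "\r\n"
        headers << line.chomp
      end
      ok = !protect || headers.any? { |h| h.split(': ', 2) == ['Authorization', expected] }
      status, body = ok ? ['200 OK', 'logged in'] : ['401 Unauthorized', 'denied']
      client.write("HTTP/1.1 #{status}\r\nContent-Length: #{body.bytesize}\r\n" \
                   "Connection: close\r\n\r\n#{body}")
      client.close
    end
  end
  server.addr[1]
end

if __FILE__ == $PROGRAM_NAME
  port = start_demo_server('admin', 'constructed-pass')
  puts http_auth_preflight("http://127.0.0.1:#{port}/status", 'admin', 'constructed-pass', /logged/)
end
```

A result other than `:ok` means the scan would run unauthenticated or the session check would report a failure, so the credentials or the pattern should be corrected before the scan starts.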
