HTTP-Authentication and Session-Check

sebastien.aucouturier's Avatar


05 Jun, 2017 07:13 AM

can they be use both ? my first test show that filling bad value in session check, do not impact the scan ?

arachni --checks=- --http-authentication-username=admin --http-authentication-password="*****" --session-check-url=mywebsite/status --session-check-pattern="logged" mywebsite

At the end, i am looking for a tips (logs or output) to know that the user/password were use successfully in http-authentication.

  1. Support Staff 1 Posted by Tasos Laskos on 05 Jun, 2017 10:13 AM

    Tasos Laskos's Avatar

    If you want to know whether or not HTTP auth was successful you can check the HTTP status codes of the pages as they're being crawled/audited, if the auth is not successful you'll probably get a 401 or 403.

    You could use a the session check options and they theoretically should work and you'll see a status message that says that the check failed.

  2. Tasos Laskos closed this discussion on 11 Jun, 2017 10:40 AM.

Comments are currently closed for this discussion. You can start a new one.

Keyboard shortcuts


? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac