Use cookie_jar to do authenticated scan
Dear Tasos,
I would like to do a authenticated scan using arachni, that is scan a web application that requires login. The login form is submitted by javascript so autologin can't help here. Plus I still have problem while using arachni proxy to handle this situation. So I turn to cookie jar for help.
I'm trying to use arachni rpc api to set option "cookie_jar" in order to do authenticated scan. I'm using "mechanize" to collect cookies. Can I pass all the cookies I collected to arachni? Or only one cookie? If only one cookie is accepted, which cookie should I pass to arachni server? The session id?
Thanks in advance.
Best,
Yanjin
Comments are currently closed for this discussion. You can start a new one.
Keyboard shortcuts
Generic
? | Show this help |
---|---|
ESC | Blurs the current field |
Comment Form
r | Focus the comment reply box |
---|---|
^ + ↩ | Submit the comment |
You can use Command ⌘
instead of Control ^
on Mac
Support Staff 1 Posted by Tasos Laskos on 05 Nov, 2012 05:19 PM
Hi,
You can pass all cookies as a hash, see: https://github.com/Arachni/arachni/wiki/RPC-API#wiki-options_cookie...
Tasos Laskos closed this discussion on 05 Nov, 2012 05:19 PM.