Target Auth

Marco's Avatar

Marco

29 Oct, 2014 05:04 PM

Hello,

I was wondering if is possible to set up web application credential during the scan setup phase instead of configure it in the scanner profile.
Moreover, there is any chance to get a module to check and test if the credential are working as expected?

Too much time spent on trouble shooting auth problem and understand if it is really working.

Thanks

  1. Support Staff 1 Posted by Tasos Laskos on 29 Oct, 2014 09:30 PM

    Tasos Laskos's Avatar

    Hello there,

    Arachni is a fully automated system so there's no changing the configuration mid-scan.

    However, if you do configure the session options via the autologin or proxy, Arachni will automatically perform a login check and automatically relogin after each page audit, so such a module wouldn't be necessary.

    However, I do realize that there are login procedures much more complex than those plugins can handle and I'm currently working on a plugin PoC that people can extend to provide their own login procedures.

    Cheers

  2. Support Staff 2 Posted by Tasos Laskos on 01 Nov, 2014 12:52 PM

    Tasos Laskos's Avatar

    (I just re-read your post and it seems like you had a different question from the one I answered, sorry about that.)

    You may have been experiencing a bug I just solved, could you please retry with the newest nightlies?

    Still, the credentials will have to be specified in the profile. It's best to have a master profile and then copies for each website, with any special configuration that might be necessary.

    Also, since we're discussing logins, you might be interested in the new login_script plugin (also in the nightlies), although it's not available via the WebUI, only the CLI.

    Cheers

  3. Tasos Laskos closed this discussion on 01 Nov, 2014 12:52 PM.

Comments are currently closed for this discussion. You can start a new one.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac