Target Auth
Hello,
I was wondering if is possible to set up web application
credential during the scan setup phase instead of configure it in
the scanner profile.
Moreover, there is any chance to get a module to check and test if
the credential are working as expected?
Too much time spent on trouble shooting auth problem and understand if it is really working.
Thanks
Comments are currently closed for this discussion. You can start a new one.
Keyboard shortcuts
Generic
| ? | Show this help |
|---|---|
| ESC | Blurs the current field |
Comment Form
| r | Focus the comment reply box |
|---|---|
| ^ + ↩ | Submit the comment |
You can use Command ⌘ instead of Control ^ on Mac
Support Staff 1 Posted by Tasos Laskos on 29 Oct, 2014 09:30 PM
Hello there,
Arachni is a fully automated system so there's no changing the configuration mid-scan.
However, if you do configure the session options via the
autologinorproxy, Arachni will automatically perform a login check and automatically relogin after each page audit, so such a module wouldn't be necessary.However, I do realize that there are login procedures much more complex than those plugins can handle and I'm currently working on a plugin PoC that people can extend to provide their own login procedures.
Cheers
Support Staff 2 Posted by Tasos Laskos on 01 Nov, 2014 12:52 PM
(I just re-read your post and it seems like you had a different question from the one I answered, sorry about that.)
You may have been experiencing a bug I just solved, could you please retry with the newest nightlies?
Still, the credentials will have to be specified in the profile. It's best to have a master profile and then copies for each website, with any special configuration that might be necessary.
Also, since we're discussing logins, you might be interested in the new login_script plugin (also in the nightlies), although it's not available via the WebUI, only the CLI.
Cheers
Tasos Laskos closed this discussion on 01 Nov, 2014 12:52 PM.